digitalmars.D - Shouldn't pureMalloc be system instead of trusted?
- Nordlöw (6/6) Mar 16 2018 Shouldn't `pureMalloc` at
- ag0aep6g (4/9) Mar 16 2018 You can only access the uninitialized memory with @system features:
- Jonathan M Davis (10/19) Mar 16 2018 And because it's @trusted, you know that you don't have to spend time
Shouldn't `pureMalloc` at https://dlang.org/library/core/memory/pure_malloc.html be @system instead of @trusted? Because it returns uninitialized memory just like `T x = void;` does, which is not allowed in @safe code.
Mar 16 2018
On 03/16/2018 10:22 PM, Nordlöw wrote:
> Shouldn't `pureMalloc` at https://dlang.org/library/core/memory/pure_malloc.html be @system instead of @trusted?

You can only access the uninitialized memory with @system features: casting the pointer or slicing it. So it's safe, because you can't do anything unsafe with it in @safe code.
Mar 16 2018
On Friday, March 16, 2018 22:58:13 ag0aep6g via Digitalmars-d wrote:
> On 03/16/2018 10:22 PM, Nordlöw wrote:
>> Shouldn't `pureMalloc` at https://dlang.org/library/core/memory/pure_malloc.html be @system instead of @trusted?
>
> You can only access the uninitialized memory with @system features: casting the pointer or slicing it. So it's safe, because you can't do anything unsafe with it in @safe code.

And because it's @trusted, you know that you don't have to spend time figuring out if you're using it in an @safe way. You just have to spend the time figuring out if you're using the result in an @safe way so that you can mark that code with @trusted.

Ultimately, I think that the question of how @trusted is used comes down to making it so that the programmer knows which code they need to examine to manually verify safety - that and not marking anything as @trusted that isn't actually @safe. But returning something that can't be used in @safe code isn't necessarily unsafe.

- Jonathan M Davis
Mar 16 2018
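The point made in the replies, as an added example that is not part of the original thread: the `static assert`s check that @safe code can call `pureMalloc` but cannot cast or slice the returned `void*`, and the wrapper shows where the manual audit then sits. `makeInts` and `useInts` are hypothetical names introduced for illustration.

```d
import core.checkedint : mulu;
import core.memory : pureFree, pureMalloc;

// Calling pureMalloc from @safe code compiles; the result is an opaque void*.
static assert( __traits(compiles, (size_t n) @safe => pureMalloc(n)));
// The operations that would reach the uninitialized bytes are rejected in @safe code...
static assert(!__traits(compiles, (void* p) @safe => cast(int*) p));
static assert(!__traits(compiles, (void* p, size_t n) @safe => p[0 .. n]));
// ...and accepted in @system code.
static assert( __traits(compiles, (void* p) @system => cast(int*) p));
static assert( __traits(compiles, (void* p, size_t n) @system => p[0 .. n]));

// Hypothetical wrapper: this is the code that has to be verified by hand.
// It is only correct to mark it @trusted because every element is
// initialized before the slice becomes visible to @safe callers.
int[] makeInts(size_t n) @trusted pure nothrow @nogc
{
    bool overflow;
    const bytes = mulu(n, int.sizeof, overflow); // guard the size computation
    if (overflow)
        return null;
    auto p = cast(int*) pureMalloc(bytes);       // @system cast, audited here
    if (p is null)
        return null;
    p[0 .. n] = 0;                               // no uninitialized ints escape
    return p[0 .. n];
}

// @safe consumer: only bounds-checked access to initialized elements.
void useInts(int[] a) @safe pure nothrow @nogc
{
    foreach (i, ref x; a)
        x = cast(int) i;
}

void main() @system
{
    auto a = makeInts(4);
    assert(a.length == 4 && a[0] == 0);
    useInts(a);
    assert(a[3] == 3);
    pureFree(a.ptr); // releasing the block is done from @system code
}
```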