
digitalmars.D.learn - Clarification of trusted attribute?

reply "Gary Willoughby" <dev kalekold.net> writes:
I know the reason to mark a method as trusted from the docs:

 Trusted functions are guaranteed by the programmer to not exhibit any undefined
 behavior if called by a safe function. Generally, trusted functions should be kept
 small so that they are easier to manually verify.
 Undefined behavior happens when an illegal code construct is executed.
 Undefined behavior can include random, erratic results, crashes, faulting, etc.
 A buffer overflow is an example of undefined behavior.

So would you mark the following with @trusted? The format() function is not @safe but what is @trusted really trying to say? This method is @safe as far as I'm concerned? The arguments make format() @safe? I'm confused.

	/**
	 * Get the current timestamp for the log.
	 *
	 * Returns:
	 *     The current timestamp.
	 */
	private string getTimestamp() const
	{
		auto time = Clock.currTime();
		return format("%d/%02d/%02d %d:%02d:%02d", time.year,
			time.month, time.day, time.hour, time.minute, time.second);
	}

Jun 12 2013
parent "Kenji Hara" <k.hara.pg gmail.com> writes:
On Wednesday, 12 June 2013 at 13:09:40 UTC, Gary Willoughby wrote:
 So would you mark the following with @trusted? The format()
 function is not @safe but what is @trusted really trying to
 say? This method is @safe as far as I'm concerned? The
 arguments make format() @safe? I'm confused.

 	/**
 	 * Get the current timestamp for the log.
 	 *
 	 * Returns:
 	 *     The current timestamp.
 	 */
 	private string getTimestamp() const
 	{
 		auto time = Clock.currTime();
 		return format("%d/%02d/%02d %d:%02d:%02d", time.year,
 			time.month, time.day, time.hour, time.minute, time.second);
 	}

In this case, the std.string.format function should work under the @safe annotation. I recently worked to make it possible.

https://github.com/D-Programming-Language/phobos/pull/1337

Kenji Hara
Jun 13 2013
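
Added example, not written by either poster: the @safe / @trusted / @system split the question turns on, in D. `rawFill` and `fillPrefix` are hypothetical names, and marking getTimestamp @safe assumes a Phobos release in which format() is inferred @safe for these arguments, as the reply above describes.

```d
import std.datetime : Clock;
import std.string : format;

// The thread's function as a free function marked @safe. It compiles only if
// every call in the body is @safe or @trusted. Assumption: the Phobos in use
// infers format() as @safe for these arguments.
string getTimestamp() @safe
{
    auto time = Clock.currTime();
    return format("%d/%02d/%02d %d:%02d:%02d", time.year,
        time.month, time.day, time.hour, time.minute, time.second);
}

// Hypothetical @system primitive: raw pointer writes with no bounds knowledge.
// The compiler rejects a direct call to it from @safe code.
void rawFill(ubyte* dst, size_t n, ubyte value) @system
{
    foreach (i; 0 .. n)
        dst[i] = value;
}

// @trusted: the programmer, not the compiler, vouches for this body. It is
// memory-safe for every possible argument because n is clamped to buf.length
// before the unchecked call, so no @safe caller can trigger an overflow.
void fillPrefix(ubyte[] buf, size_t n, ubyte value) @trusted
{
    if (n > buf.length)
        n = buf.length;
    rawFill(buf.ptr, n, value);
}

void main() @safe
{
    import std.stdio : writeln;

    auto buf = new ubyte[](4);
    fillPrefix(buf, 100, 0xFF); // oversized request is clamped, not overflowed
    foreach (b; buf)
        assert(b == 0xFF);
    // rawFill(buf.ptr, 100, 0xFF); // rejected by the compiler in @safe code
    writeln(getTimestamp());
}
```

If getTimestamp compiles as @safe, it needs no @trusted at all; @trusted is for bodies like fillPrefix, where the compiler cannot check the operation and a person has verified it for all inputs.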