On Monday, 27 May 2019 at 14:26:16 UTC, ag0aep6g wrote:
Oh, yeah. Getting @trusted right is hard. Getting it right when
user-provided types are involved is extra hard, because you
can't even trust fundamental operations like assignment or
copying.
In my point of view @trusted means "I use pointer-related
operations correctly. Also I am using all @system interfaces
correctly". The code in question uses allocator interface
correctly. User of this code has a contract to supply allocator
that conforms to this interface. If a user supplies mallocator
that is not correct, there are two possibilities:
- Allocator is buggy. Nothing to do with @trusted code.
- Allocator do not conforms to allocator interface. User has
broken the contract. Nothing to do with @trusted code.
I think we should keep in mind not only technical aspects of
@trusted and @system, but this contract too.
