On Friday, 13 February 2015 at 09:28:30 UTC, Kagamin wrote:
On Friday, 13 February 2015 at 09:11:26 UTC, Foo wrote:
And I wouldn't say indiscriminately. Every function I marked
with @trusted was checked by me so far.
What did you check them for? :)
Just first example: make and destruct, being marked as
@trusted, don't prevent caller from UAF and double free
vulnerabilities, and compiler can't help with that by checking
the caller. Other functions marked as trusted have similar
problems. If the caller can't be automatically checked for
safety and must ensure safety manually, it means the callee is
@system.
That seems to be a problem with trusted and safe :)
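
The point made in the quoted reply, as an added example that is not part of the thread or of the library under discussion: `Node`, `makeTrusted`, `destructTrusted` and `destructSystem` are hypothetical stand-ins for the `make`/`destruct` pair mentioned above. The static asserts show what the compiler accepts from a `@safe` caller under each annotation; nothing unsafe is executed at run time.

```d
import core.stdc.stdlib : malloc, free;

struct Node { int value; }

// Hypothetical allocator wrapper. On its own this is fine as @trusted.
Node* makeTrusted(int v) @trusted nothrow @nogc
{
    auto p = cast(Node*) malloc(Node.sizeof);
    if (p is null) assert(0, "out of memory");
    p.value = v;
    return p;
}

// Mis-annotated: @trusted promises that no @safe caller can break
// memory safety through this function, yet it frees a pointer the
// caller still holds.
void destructTrusted(Node* p) @trusted nothrow @nogc
{
    free(p);
}

// Same body, honest annotation: the caller must guarantee the pointer
// is live, freed exactly once, and never used afterwards.
void destructSystem(Node* p) @system nothrow @nogc
{
    free(p);
}

// With the @trusted version, use after free and double free both
// type-check inside @safe code, so the compiler cannot help the caller.
static assert(__traits(compiles, () @safe {
    auto n = makeTrusted(1);
    destructTrusted(n);
    int x = n.value;      // use after free, accepted
    destructTrusted(n);   // double free, accepted
}));

// With the @system version, @safe code cannot call it at all; the
// unchecked responsibility is pushed to a @trusted/@system caller.
static assert(!__traits(compiles, () @safe {
    auto n = makeTrusted(1);
    destructSystem(n);
}));

void main() @safe
{
    auto n = makeTrusted(42);   // allocation alone is safe to expose
    assert(n.value == 42);      // intentionally leaked in this demo
}
```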