DIP1028 - Rationale for accepting as is
H. S. Teoh
hsteoh at quickfur.ath.cx
Sat May 23 15:33:05 UTC 2020
On Sat, May 23, 2020 at 10:55:40AM +0000, Dukc via Digitalmars-d-announce wrote:
[...]
> When I look my own code that uses the Nuklear GUI library, written in
> C, it's all `@system`. I have not had the time to make `@trusted`
> wrappers over the BindBC-nuklear API, so I did what tends to occur to
> us as the next best thing: resign and make the whole client code
> `@system`. Just making `@trusted` wrappers over BindBC-nuklear seemed
> to me as inresponsible use of the attribute. And reading this theard,
> it would seem like most of you would agree.
>
> But when I think it, what I have accomplised from avoiding that
> antipattern? The only difference is, that if my D code does something
> `@system`, it'll remain under the radar. So I'm worse off than had I
> submitted to the antipattern!
[...]
And this is precisely why I proposed that what we need is a way for the
compiler to mechanically check all code *except* certain specified
blackboxes that are skipped over. Then you can have your calls to
unvetted C functions and still have the mechanical checks enabled for
the rest of your code.
This is also related to @trusted blocks inside a function, the intention
of which is to limit the @system code to as small a surface area as
possible while enabling @safe checks for the rest of the function.
T
--
Gone Chopin. Bach in a minuet.
More information about the Digitalmars-d-announce
mailing list