[Issue 14125] std.file has gotten out of hand

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed Feb 4 15:23:33 PST 2015


https://issues.dlang.org/show_bug.cgi?id=14125

hsteoh at quickfur.ath.cx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hsteoh at quickfur.ath.cx

--- Comment #1 from hsteoh at quickfur.ath.cx ---
I didn't look closely at std.file, but I think the consensus over the past
several months is that @trusted should not be used if avoidable, and if it
cannot be avoided, it should be limited to small chunks of code, usually
factored out as small lambdas in the main function body which is marked @safe.
Example:

-----
auto mySafeFunc(T...)(T args) @safe {
    int trustedHelper(int x) @trusted {
        // Here, it should be explained exactly why the particular value(s) of
        // x here will never trigger un-@safe behaviour in the following call:
        return potentiallyDangerousFunc(x);
    }
    doStuff(...);
    auto x = trustedHelper(...);
    doMoreStuff();
    return result;
}
-----

The idea is that doStuff() and doMoreStuff() can be non-trivial, convoluted
code, that we don't want to be reviewing every single time we review usage of
@trusted; the actually-trusted bit of code should be confined to
trustedHelper(), which is small enough that should the need arise, we can
review it within a reasonable amount of time.

I don't know if this is the best way to do it, but this particular construct is
quickly becoming an idiom in Phobos.

--
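
A concrete instance of the idiom described in the comment above, added here as an illustration; it is not code from Phobos or from the commenter. The names `copyPrefix` and `trustedCopy` are hypothetical, and the sample data is constructed.

```d
import core.stdc.string : memmove;
import std.stdio : writeln;

// Hypothetical function: overwrite the start of `dst` with bytes from `src`
// and return how many bytes were copied. The public interface is @safe.
size_t copyPrefix(ubyte[] dst, const(ubyte)[] src) @safe
{
    // The only @trusted code in this function. Why the memmove call cannot
    // violate memory safety for any pair of slices:
    //  - n never exceeds to.length or from.length, so neither pointer is
    //    accessed past the end of its slice;
    //  - memmove (unlike memcpy) is defined for overlapping regions, so the
    //    helper stays safe even when `to` and `from` alias each other.
    static size_t trustedCopy(ubyte[] to, const(ubyte)[] from) @trusted
    {
        immutable n = to.length < from.length ? to.length : from.length;
        if (n != 0)
            memmove(to.ptr, from.ptr, n);
        return n;
    }

    // Everything outside the helper is checked by the compiler as @safe,
    // so a reviewer auditing @trusted usage only needs to read trustedCopy.
    if (dst.length == 0 || src.length == 0)
        return 0;
    return trustedCopy(dst, src);
}

void main() @safe
{
    auto buf = new ubyte[](4);
    const(ubyte)[] data = [1, 2, 3, 4, 5, 6]; // constructed sample input
    ubyte[] expected = [1, 2, 3, 4];

    immutable n = copyPrefix(buf, data);
    writeln("copied ", n, " bytes: ", buf);
    assert(n == 4 && buf == expected);

    // Overlapping slices of the same array are handled as well.
    immutable m = copyPrefix(buf[1 .. $], buf[0 .. 2]);
    expected = [1, 1, 2, 4];
    assert(m == 2 && buf == expected);
}
```

Because the helper clamps the length itself, its safety does not depend on what the surrounding @safe code passes in, which keeps the review surface limited to those few lines.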

