[Issue 14125] @trusted nested helper functions in std.file
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Feb 5 02:27:01 PST 2015
https://issues.dlang.org/show_bug.cgi?id=14125
John Colvin <john.loughran.colvin at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |john.loughran.colvin at gmail.com
--- Comment #75 from John Colvin <john.loughran.colvin at gmail.com> ---
Walter and Andrei are completely right here.
If you can't factor out the @system code to a function providing a truly safe
interface (marked with @trusted), then the code clearly depends on its
surrounding context to make it safe. So *all* of that code needs to be manually
verified with the same scrutiny, together with the core bit that actually
appeared to be @system.
It becoming a maintenance nightmare is just unveiling the true difficulty of
safely using @system code, as opposed to papering over it.
It might become good practice in robust @trusted code to add static asserts to
ensure that changes to @system (explicit or inferred) further down the call
tree aren't accidentally missed. static assert(isTrusted!func) or similar.
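The static-assert guard suggested in the comment above, as an added example (not code from the bug report or from Phobos). isTrusted, clampLength and copyBytes are hypothetical names introduced here; isSafe, functionAttributes and FunctionAttribute are from std.traits.

```d
import core.stdc.string : memmove;
import std.traits : FunctionAttribute, functionAttributes, isSafe;

// Hypothetical trait named after the comment's isTrusted!func:
// true only when f is explicitly marked @trusted.
enum isTrusted(alias f) =
    (functionAttributes!f & FunctionAttribute.trusted) != 0;

// Hypothetical helper. As a template its attributes are inferred, so an
// edit to its body can silently turn this instance @system.
size_t clampLength(T)(const(T)[] src, size_t capacity)
{
    return src.length < capacity ? src.length : capacity;
}

// Truly safe interface: the bounds come from the slices themselves and
// memmove tolerates overlap, so no caller context is needed for safety.
size_t copyBytes(ubyte[] dst, const(ubyte)[] src) @trusted
{
    // @trusted switches off checking for everything called here, so pin
    // the attributes this body was reviewed against.
    static assert(isSafe!(clampLength!ubyte),
        "clampLength is now @system: re-audit copyBytes");
    immutable n = clampLength(src, dst.length);
    if (n)
        memmove(dst.ptr, src.ptr, n);
    return n;
}

// Catches the wrapper being relabelled without a review.
static assert(isTrusted!copyBytes);

void main() @safe
{
    auto dst = new ubyte[4];
    const(ubyte)[] src = [1, 2, 3, 4, 5, 6]; // constructed sample input
    immutable ubyte[] expected = [1, 2, 3, 4];
    assert(copyBytes(dst, src) == 4);
    assert(dst == expected);
}
```

If a later change makes clampLength call @system code, the build stops at the static assert instead of the @trusted body silently absorbing the new unchecked call.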