Why is three safety levels need in D?
Kagamin via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Fri Nov 18 09:19:43 PST 2016
On Thursday, 17 November 2016 at 17:18:27 UTC, Nordlöw wrote:
> Why does D need both `@safe`, `@trusted` and `@system` when
> Rust seems to get by with only safe (default) and `unsafe`?
Rust has 3 levels of safety: the code inside unsafe block is
@system, and the unsafe block as a whole is a @trusted wrapper
providing safe interface to be called by safe code. The rationale
for function-level safety is better encapsulation: the function
accesses only its parameters and nothing more, but unsafe block
has access to all visible local variables of its function, not
only those it works with. D supports Rust-style unsafe blocks
with @trusted lambdas.
More information about the Digitalmars-d-learn
mailing list