how much "real-life" code can be marked @safe ?
Alexandru Ermicioi
alexandru.ermicioi at gmail.com
Sat Jul 3 16:06:33 UTC 2021
On Friday, 2 July 2021 at 22:08:31 UTC, tsbockman wrote:
> (Responding out of order:)
>
> On Friday, 2 July 2021 at 00:26:52 UTC, someone wrote:
>> But when you start attempting to declare @safe chunks of code
>> that actually DO things ... well, it seems end-of-the-story.
>
> If you find yourself unable to get real work done in `@safe`
> code, this is almost certainly a sign of one of the following
> problems:
>
> 0) You don't fully understand the purpose and valid use of any
> or all of the `@trusted`, `inout`, `scope`, and `return`
> annotations.
>
> 1) Your code is avoiding use of the garbage collector, and/or
> does not have `-dip1000` enabled. (`@safe` is still quite
> useful without the garbage collector, but even with `-dip1000`
> you'll still need a lot of `@trusted` code.)
>
> 2) You have at least one dependency that isn't correctly
> designed for use with `@safe`.
I'd add:
3. An edge case. Ex: You need to mutate some data and then assume
it is immutable in a constructor.
4. Functionality that doesn't account for @safe/immutable or any
other features when it can in standard library. Take for example
array.dup, there is no inout alternative for it, and you're
pretty much stuck with trusted code, when you'd like to dup an
array that is inout.
manual.
Although these two should be on the lowest place in this list by
priority.
More information about the Digitalmars-d-learn
mailing list