@trusted considered harmful

José Armando García Sancio jsancio at gmail.com
Fri Jul 27 17:53:14 PDT 2012


On Fri, Jul 27, 2012 at 5:08 PM, David Nadlinger <see at klickverbot.at> wrote:
>  2) The first step is necessary, but mainly of cosmetic nature (think
> `pure`, `pure2`). We still need to address for the granularity and attribute
> inference problem. The obvious solution is to add a "@trusted"
> declaration/block, which would allow unsafe code in a certain region.
> Putting @trusted in the function header would still be allowed for backwards
> compatibility (but discouraged), and would have the same effect as marking
> the function @safe and wrapping its whole body in a @trusted block. It could
> e.g. look something like this (the @ prefix definitely looks weird, but I
> didn't want to introduce a new keyword):
>

Agreed. This is very similar to how Rust works. In Rust all the
functions are assumed to be @safe. Unsafe code can only be performed
in clearly marked blocks. Note: I am not suggesting D should implement
Rust's solution as David already pointed out.

-Jose


More information about the Digitalmars-d mailing list