@trusted considered harmful

Paulo Pinto pjmlp at progtools.org
Fri Jul 27 23:15:11 PDT 2012


On Saturday, 28 July 2012 at 00:53:24 UTC, José Armando García 
Sancio wrote:
> On Fri, Jul 27, 2012 at 5:08 PM, David Nadlinger 
> <see at klickverbot.at> wrote:
>>  2) The first step is necessary, but mainly of cosmetic nature 
>> (think
>> `pure`, `pure2`). We still need to address for the granularity 
>> and attribute
>> inference problem. The obvious solution is to add a "@trusted"
>> declaration/block, which would allow unsafe code in a certain 
>> region.
>> Putting @trusted in the function header would still be allowed 
>> for backwards
>> compatibility (but discouraged), and would have the same 
>> effect as marking
>> the function @safe and wrapping its whole body in a @trusted 
>> block. It could
>> e.g. look something like this (the @ prefix definitely looks 
>> weird, but I
>> didn't want to introduce a new keyword):
>>
>
> Agreed. This is very similar to how Rust works. In Rust all the
> functions are assumed to be @safe. Unsafe code can only be 
> performed
> in clearly marked blocks. Note: I am not suggesting D should 
> implement
> Rust's solution as David already pointed out.
>
> -Jose

C#'s approach is also similar with the unsafe keyword.




More information about the Digitalmars-d mailing list