@trusted considered harmful
David Piepgrass
qwertie256 at gmail.com
Sat Jul 28 22:14:11 PDT 2012
> On Saturday, July 28, 2012 22:08:42 David Nadlinger wrote:
>> On Saturday, 28 July 2012 at 02:33:54 UTC, Jonathan M Davis
>> But unfortunately wrong – you call S.save in the @trusted
>> block… ;)
>
> Yeah. I screwed that up. I was obviously in too much of a hurry
> when I wrote
> it. And actually, in this particular case, since the part that
> can't be
> @trusted is in the middle of an expression doing @system stuff,
> simply using an
> @trusted block wouldn't do the trick.
Have you guys thought about the possibility that the language
could simply not trust any calls that were resolved using a
template argument?
I'm a bit tired so I may be missing something, but it seems to me
that (in a @trusted template) if the compiler uses an
instantiated template parameter (e.g. actual type Foo standing in
for template parameter T) to choose a function to call, the
compiler should require that the function be @safe, based on the
principle that a template cannot vouch for what it can't control.
IOW, since a template can't predict what function actually gets
called, the compiler should require whatever function gets called
to be @safe.
If the programmer actually does want his template function to be
able to call _unpredictable_ @system functions, he should mark
his template as @system instead of @trusted.
More information about the Digitalmars-d
mailing list