Encapsulating trust
Dmitry Olshansky via Digitalmars-d
digitalmars-d at puremagic.com
Sun Aug 31 06:47:42 PDT 2014
Quite recently a lot of work has been done to make most of Phobos usable
in @safe code.

While a very welcome effort, it caused a number of doubts, in particular
due to the boilerplate required to isolate a small amount of unsafe
operations and slap "@trusted" over it.
See e.g. Denis's argument:
https://github.com/D-Programming-Language/phobos/pull/2465

There were proposals for language changes along the lines of having
a @trusted block akin to debug/version blocks, but nothing ever came out
of them.

Without language support I decided it was worth a shot to create
universal wrappers to establish a consistent convention. A use of such
a wrapper should indicate that a @system function call or language
feature was hand-verified.

Names and the complete set of primitives are up for debate, but here is
the start:
https://gist.github.com/DmitryOlshansky/bc02f369c8a63818bd07

A bit of usage:

import core.stdc.string;
import trusted;

void main() @safe
{
    char[] msg = "Hello!".dup;
    char[] msg2 = msg;
    import trusted; // may also use static import for absolute clarity
    assert(call!memcmp(addrOf(msg[0]), addrOf(msg2[0]), msg.length) == 0);
}

What do you guys think?
--
Dmitry Olshansky
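
A sketch of how the wrappers used in the post could be written, next to a narrower alternative whose interface is memory-safe for every argument. This is an added example, not the code from the linked gist or from the post's author: the bodies of `call` and `addrOf` are assumptions inferred from the usage shown, and `sameBytes` is a hypothetical helper.

```d
import core.stdc.string : memcmp;

// Assumed shape of the generic wrappers (the gist's real code may differ).
// The @trusted attribute only silences the compiler; nothing is checked here.
auto call(alias fn, Args...)(Args args) @trusted
{
    return fn(args);
}

T* addrOf(T)(ref T value) @trusted
{
    return &value;
}

// Hypothetical narrow wrapper: it takes slices and derives the length itself,
// so no @safe caller can make memcmp read outside either buffer.
bool sameBytes(const(char)[] a, const(char)[] b) @trusted
{
    if (a.length != b.length)
        return false;
    if (a.length == 0)
        return true; // do not hand null pointers to memcmp
    return memcmp(a.ptr, b.ptr, a.length) == 0;
}

void main() @safe
{
    char[] msg = "Hello!".dup;
    char[] msg2 = msg;

    // Call site from the post. It is correct because a reviewer checked that
    // msg.length fits both buffers; the compiler would accept any other
    // length in @safe code just as readily, so every such call needs review.
    assert(call!memcmp(addrOf(msg[0]), addrOf(msg2[0]), msg.length) == 0);

    // With the narrow wrapper the audit happens once, inside sameBytes.
    assert(sameBytes(msg, msg2));
    assert(!sameBytes(msg, "Hello"));
}
```

With the generic wrappers, each `call!` site is a separate item to audit; with the narrow wrapper, the audit is confined to one function body.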