Encapsulating trust
Dicebot via Digitalmars-d
digitalmars-d at puremagic.com
Mon Sep 1 10:59:05 PDT 2014
On Monday, 1 September 2014 at 17:48:59 UTC, monarch_dodra wrote:
> I feels like you are missing the point of the @trusted lambda
> construct, in that is meant to be used in generic code, where
> you know a *piece* of a function is provably safe (eg:
> @trusted), but not all of it: The rest of the code depends on
> the inferred attributes of the parameter-dependent code.
>
> If your function is not generic, then just mark it as @trusted,
> and then that's that.
I totally disagree. Marking whole function @trusted (unless those
are extern(C)) is an abomination we should try to get rid of.
Trusted lambda must encapsulate minimal amount of code possible
together with all data validation if necessary.Anything else
simply does not scale with maintenance and is likely to introduce
holes in @safe.
More information about the Digitalmars-d
mailing list