Encapsulating trust
Daniel Murphy via Digitalmars-d
digitalmars-d at puremagic.com
Mon Sep 1 11:29:41 PDT 2014
"monarch_dodra" wrote in message
news:wvslfmdauwupzioryhgq at forum.dlang.org...
> I meant it mostly in that the proposal to mark the entire function as
> @trusted isn't even *applicable* to template functions.
That isn't what I was proposing. Using a trusted nested or lambda function
is fine, but it should not be possible to violate @safe by changing only the
enclosing function.
eg making a trustedMemcpy is just as much a violation of @safe as marking
the actual memcpy as @safe. It still relies on the calling function being
manually verified not to call it incorrectly. If your calling function
needs to be manually verified, it should be @trusted. If it can't be
manually verified, it should be @system.
More information about the Digitalmars-d
mailing list