Encapsulating trust
monarch_dodra via Digitalmars-d
digitalmars-d at puremagic.com
Tue Sep 2 08:35:56 PDT 2014
On Tuesday, 2 September 2014 at 14:33:53 UTC, Dmitry Olshansky
wrote:
> 31-Aug-2014 17:47, Dmitry Olshansky пишет:
>> Quite recently a lot of work has been done to make most of
>> Phobos usable
>> in @safe code.
> ...
>>
>> What do you guys think?
>>
>
> Probably a lot of people missed the point that if we
> standardize a few idioms (dangerous but at least centralized)
> we at least can conveniently contain the "abuse" of @trusted to
> the select standard module. Else it *will* be abused in a
> multitude of ways anyway.
I think it's probably hard to appreciate where you are coming
from, until you've reviewed code for things such as Appender
and/or emplace. I swear there was 1 point where roughly 25% of
the lines of code in that thing where wrapped in a trusted lambda.
1 issue I find with your proposal, is (personally), I've seldom
had to *call* unsafe functions in a trusted fashion, but rather,
had to do unsafe *things*:
if (capacity > slice.length)
slice = @trusted(){return slice.ptr[0 .. slice.length +
1];}();
In such context, "call!" wouldn't help much. That said, there are
also plenty of cases where we call memcpy (just grep
"trustedMemcpy" in phobos), where your proposal would help.
Also: There's already a help "addressOf" somewhere in phobos.
It's meant mostly to take the address of property return values.
Instead of providing "addressOf" in std.trusted, you could simply
do a "call!" of the not-trusted generic "addressOf". Just a
thought.
More information about the Digitalmars-d
mailing list