misplaced @trust?
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 5 12:14:18 PST 2015
On 2/5/15 2:43 PM, H. S. Teoh via Digitalmars-d wrote:
> The idea is that while we would like the compiler to mechanically verify
> *everything*, in practice there are some things that the compiler simply
> cannot verify. Since those remaining things require human effort to
> verify and humans are prone to errors, we would like to limit the scope
> of those things by confining them inside @trusted functions, which,
> ideally, would be few in number and limited in scope. Everything else
> should be relegated to @safe functions, where we *require* completely
> automated verification by the compiler.
What's the difference between an internal scope and a separate function
scope? That is, a static internal function can simply be a private
module function and have the same effect.
I don't see how your proposal is more safe than mine, or that somehow I
can expect a @safe function never to have manually verified code that it
uses.
-Steve
More information about the Digitalmars-d
mailing list