misplaced @trust?
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 5 12:25:45 PST 2015
On 2/5/15 3:13 PM, Walter Bright wrote:
> On 2/5/2015 11:49 AM, Andrei Alexandrescu wrote:
>> As much as I was shocked about the use of @trusted/@safe/@system in
>> std.file,
>> std.array and sadly possibly in other places, I found no evidence that
>> the
>> feature is misdesigned. I continue to consider it a simple, sound, and
>> very
>> effective method of building and interfacing robust code. An excellent
>> engineering solution that offers a lot of power at a modest cost.
>>
>> I do not support this proposal to change the semantics of
>> @trusted/@safe/@system.
>
> I agree.
>
> So the question is, what does @trusted actually buy you, since the
> compiler can't check it?
>
> It serves as notice that "This function merits special attention during
> code review to check that it has a safe interface and that its
> implementation is correct."
>
That also applies to @safe functions since they can call @trusted
functions. In essense, @trusted buys you headaches. I think we should
try to lessen them.
-Steve
More information about the Digitalmars-d
mailing list