@trust is an encapsulation method, not an escape

Dicebot via Digitalmars-d digitalmars-d at puremagic.com
Thu Feb 5 16:13:43 PST 2015


On Friday, 6 February 2015 at 00:04:26 UTC, Walter Bright wrote:
> On 2/5/2015 3:43 PM, Dicebot wrote:
>> The fact that @trusted is contained in a small block doesn't mean the
>> rest of the @safe function doesn't need to be reviewed. The only
>> difference is "review all manually" vs "review all manually with some
>> help of compiler".
>
> I did a review of all uses of @trusted in std.array:
>
>   https://issues.dlang.org/show_bug.cgi?id=14127
>
> About 90% of them resulted in the injection of unsafe code into 
> safe functions, requiring a safety review of those allegedly 
> mechanically checkable functions.

Yes, that was intended and not accidental. Again, we were dealing 
with a limited set of faulty tools. Things got inevitably hacky.

> By definition, if an @trusted function presents itself with a 
> safe interface, the calling code does not have to be reviewed. 
> And reviewing the interface is a heluva lot easier than the 
> whole rest of the code.

I know this definition. I have tried it in practice and 
concluded it to be absolutely useless. There is no way I am going 
to return back to this broken concept - better to ignore @safe 
completely as a misfeature if you insist on doing things that way.

