@trust is an encapsulation method, not an escape

Walter Bright via Digitalmars-d digitalmars-d at puremagic.com
Thu Feb 5 20:21:12 PST 2015


On 2/5/2015 7:39 PM, Zach the Mystic wrote:
> On Friday, 6 February 2015 at 03:14:59 UTC, Walter Bright wrote:
>> I don't see how any proposal can work unless it specifies a safe interface to
>> an unsafe section of code. (I read a Rust tutorial that rather bluntly pointed
>> this out as well.)
>
> Link?

"A non-unsafe function using unsafe internally should be implemented to be safe 
to call; that is, there is no circumstance or set of arguments that can make the 
function violate any invariants. If there are such circumstances, it should be 
marked unsafe."

"However, this is not the case, unsafe is just an implementation detail; if a 
safe function uses unsafe internally, it just means the author has been forced 
to step around the type system, but still exposes a safe interface."

http://huonw.github.io/blog/2014/07/what-does-rusts-unsafe-mean/


More information about the Digitalmars-d mailing list