misplaced @trust?

Andrei Alexandrescu via Digitalmars-d digitalmars-d at puremagic.com
Thu Feb 5 22:25:05 PST 2015


On 2/5/15 8:24 PM, Dicebot wrote:
> I referred to this fact with a comment "it is better to make no
> promises than to make one and break it". Simply dealing with
> unsafe language is something I got used to - all crashes and
> weird think become expected. It is totally different from seeing
> a memory corruption with @safe - "hey, you lied to me, it is not
> safe!". Because of that amount of responsibility reviewing
> @trusted is much higher than reviewing @system. I can do the
> latter because I don't pretend review to be perfect. With
> @trusted pressure is much harder.

Oh I understand. The notion of calibration comes to mind.

> What is worse, as it has been already mentioned, it is not just a
> one time effort - careful review necessity taints all code that
> gets called from @trusted code. With that much continuous effort
> required there feels no point in trying to go for @safe as
> opposed to just having @system everywhere and relying on
> old-school memory safety techniques.

I don't see it as bad, but I see what you're saying. Anyhow, it's likely 
we all grew tired of each other's arguments.

Probably best to stop here. Fresh perspectives would be great. Until 
then there is no change to @safe/@trusted/@system.


Thanks,

Andrei



More information about the Digitalmars-d mailing list