@trust is an encapsulation method, not an escape
Zach the Mystic via Digitalmars-d
digitalmars-d at puremagic.com
Fri Feb 6 09:23:03 PST 2015
On Friday, 6 February 2015 at 17:12:40 UTC, David Nadlinger wrote:
> Let's say you have a template function that accepts a range.
> For performance, you want to do some of the processing in a way
> that is @system, but can be verified to be correct for all
> inputs in this specific case. In other words, that piece of
> code can be rightfully @trusted. However, marking the whole
> function as @trusted would be a mistake, as the primitives of
> the range that is your input data might be @system.
>
> Using @trusted blocks (which is what is currently emulated by
> the nested functions/lambdas), you can just mark your unsafe
> code as @trusted and let the compiler figure out the safety of
> the whole function. @safe blocks wouldn't work for this, as
> you'd inadvertently require the user-supplied input range to
> have @safe/@trusted primitives.
I'm trying to promote suggesting '@system' blocks instead of
'@trusted'. '@trusted' functions, but '@system' blocks - which
can only go in @trusted functions (@system block in @system
functions are redundant). It's the same semantics, but it might
win the day because the intent is to isolate the @system code,
while still presenting a @trusted interface, as seems so
important to the leadership.
More information about the Digitalmars-d
mailing list