@trust is an encapsulation method, not an escape
Zach the Mystic via Digitalmars-d
digitalmars-d at puremagic.com
Fri Feb 6 10:30:01 PST 2015
On Friday, 6 February 2015 at 17:36:27 UTC, Atila Neves wrote:
>> I'm trying to promote suggesting '@system' blocks instead of
>> '@trusted'. '@trusted' functions, but '@system' blocks - which
>> can only go in @trusted functions (@system block in @system
>> functions are redundant). It's the same semantics, but it
>> might win the day because the intent is to isolate the @system
>> code, while still presenting a @trusted interface, as seems so
>> important to the leadership.
>
> That might be better than using @safe inside @trusted:
>
> @trusted void myfunc() {
> //implicitly safe
> ...
> @system { //wouldn't compile otherwise.
> auto ptr = cast(ubyte*)4;
> }
>
> //implicitly safe again
> }
Exactly. I think this addresses the concerns. If I read Walter's
OP correctly, it's precisely the use of the word '@trusted' that
he opposes, unless it's built into an interface like a function
signature. Also, a @system block could be one statement long, if
I'm not mistaken, in which case the above could look like:
@trusted void myfunc() {
//implicitly safe
...
@system auto ptr = cast(ubyte*)4;
//implicitly safe again
}
More information about the Digitalmars-d
mailing list