@trust is an encapsulation method, not an escape

Zach the Mystic via Digitalmars-d digitalmars-d at puremagic.com
Fri Feb 6 10:53:01 PST 2015


On Friday, 6 February 2015 at 17:12:40 UTC, David Nadlinger wrote:
> It seems obvious that explicitly whitelisting a small number of 
> potentially dangerous but safe operations is much less 
> error-prone approach than disabling compiler checks for 
> everything and then having to remember to blacklist all 
> unverified external dependencies.
>
> David

That seems obvious to me too. Isn't the whole purpose of having 
'@trusted' in the first place to direct a programmer who's having 
memory safety problems to the potential sources those problems? 
But why have this and then stop at the function level? Why not 
force the programmer to tag precisely those portions of his code 
which cause him to tag his function @trusted to begin with? Why 
help him get to the function, and then leave him hanging out to 
dry once inside the function?


More information about the Digitalmars-d mailing list