@trust is an encapsulation method, not an escape

weaselcat via Digitalmars-d digitalmars-d at puremagic.com
Fri Feb 6 15:21:49 PST 2015


On Friday, 6 February 2015 at 23:02:54 UTC, Zach the Mystic wrote:

> No, at least three of us, Steven, H.S. Teoh and myself have 
> confirmed that we've moved beyond requesting @trusted blocks. 
> We are no longer requesting them. We are requesting *@system* 
> blocks, which can only appear in @trusted and @system 
> functions. Any unsafe code appearing in a @trusted function 
> which is not inside a @system block is an error. We've changed 
> the name, but I think it will make a world of difference 
> regarding how you will look at it. Marking '@system' code 
> inside a @trusted function is exactly what is requested. Your 
> message about '@trusted' being only acceptable as an interface 
> has been heard. There will be no @trusted blocks, only @system 
> blocks, which are the exact same thing, except they can only 
> appear in @trusted and @system functions.
>
> This solution appeals to me greatly. It pinpoints precisely 
> where unsafe code can generate; it catches unintended safety 
> violations in all @trusted code outside @system blocks, as 
> requested by many people so far; it makes systems programming 
> highly visible, with redundancy at the function signature and 
> at the unsafe code itself. I really think it's spot on!

this sounds interesting, is anyone going to make a DIP for it?


More information about the Digitalmars-d mailing list