@trust is an encapsulation method, not an escape
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Sat Feb 7 03:32:43 PST 2015
On 2/6/15 4:36 PM, "Ola Fosheim Grøstad"
<ola.fosheim.grostad+dlang at gmail.com> wrote:
> On Friday, 6 February 2015 at 20:13:18 UTC, Steven Schveighoffer wrote:
>> In the proposal, @trusted code is actually considered the same as
>> @safe, but allows @system escapes.
>
> But that can't work:
>
> @trusted_is_safe {
>
> auto tmp = get_hardware_config();
>
> @system{
> mess_up_hardware_config();
> }
>
> // now this unsafe call is called in a @safe context, but is unsafe...
> // DMD does not catch this, so "@trusted_is_safe" is broken
>
> call_safe_code_that_now_is_messed_up();
>
> @system{
> restore_hardware_config(tmp);
> }
> }

The idea is that @trusted code still has to be reviewed for memory
issues, but is mechanically checked for most of the function for obvious
@safe violations. It limits to a degree the scrutiny one must apply to
the @trusted function.

Remember, the whole point of a @trusted function is that it's manually
verified.

-Steve
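
An added example, not part of the original message or of the proposal: released D has no `@system { }` block, so this uses the closest compilable form, an immediately called `@trusted` lambda inside a `@safe` function, next to a fully `@trusted` function. `IntBuffer` and its members are constructed for illustration.

```d
import core.stdc.stdlib : free, malloc;

// Constructed example: a fixed-size int buffer backed by malloc.
struct IntBuffer
{
    private int* ptr;
    private size_t len;

    // Whole function is @trusted: the compiler checks nothing in this body,
    // so every line has to be reviewed by hand.
    this(size_t n) @trusted
    {
        ptr = cast(int*) malloc(n * int.sizeof);
        len = ptr is null ? 0 : n;
        foreach (i; 0 .. len)
            ptr[i] = 0;
    }

    @disable this(this); // no copies, so ptr is freed exactly once

    ~this() @trusted
    {
        free(ptr);
        ptr = null;
        len = 0;
    }

    // @safe function: everything outside the lambda is mechanically checked.
    int get(size_t i) @safe
    {
        if (i >= len)
            return 0; // checked code establishes the precondition

        // return ptr[i]; // rejected here: pointer indexing is not allowed in @safe code
        return () @trusted { return ptr[i]; }(); // the only unchecked region
    }
}

void main() @safe
{
    auto b = IntBuffer(4);
    assert(b.get(2) == 0);  // in range
    assert(b.get(99) == 0); // out of range, stopped by the checked bounds test
}
```

The lambda is memory-safe only because of the checked bounds test above it and because `len` is private, so manual review still has to cover the whole function and not just the lambda.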