@trust is an encapsulation method, not an escape

Steven Schveighoffer via Digitalmars-d digitalmars-d at puremagic.com
Sat Feb 7 04:14:51 PST 2015


On 2/6/15 8:43 PM, Andrei Alexandrescu wrote:
> On 2/6/15 3:21 PM, weaselcat wrote:
>> On Friday, 6 February 2015 at 23:02:54 UTC, Zach the Mystic wrote:
>>
>>> No, at least three of us, Steven, H.S. Teoh and myself have confirmed
>>> that we've moved beyond requesting @trusted blocks. We are no longer
>>> requesting them. We are requesting *@system* blocks, which can only
>>> appear in @trusted and @system functions. Any unsafe code appearing in
>>> a @trusted function which is not inside a @system block is an error.
>>> We've changed the name, but I think it will make a world of difference
>>> regarding how you will look at it. Marking '@system' code inside a
>>> @trusted function is exactly what is requested. Your message about
>>> '@trusted' being only acceptable as an interface has been heard. There
>>> will be no @trusted blocks, only @system blocks, which are the exact
>>> same thing, except they can only appear in @trusted and @system
>>> functions.
>>>
>>> This solution appeals to me greatly. It pinpoints precisely where
>>> unsafe code can generate; it catches unintended safety violations in
>>> all @trusted code outside @system blocks, as requested by many people
>>> so far; it makes systems programming highly visible, with redundancy
>>> at the function signature and at the unsafe code itself. I really
>>> think it's spot on!
>>
>> this sounds interesting, is anyone going to make a DIP for it?
>
> Consider the previous code:
>
> https://github.com/D-Programming-Language/phobos/blob/accb351b96bb04a6890bb7df018749337e55eccc/std/file.d#L194
>
>
> that got replaced with:
>
> https://github.com/D-Programming-Language/phobos/blob/master/std/file.d#L194
>
>
> With the system proposal we're looking at something like:

Please understand, nobody is saying "let's replace incorrect code with 
the same incorrect code with different tags!"

The idea is to properly identify which code needs more scrutiny, and 
keep the mechanical checking of @safe where we can.

-Steve
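
An added illustration, not part of the original message and not the Phobos code linked above: a sketch in existing D attributes (not the proposed @system block syntax) of how much of a function body the compiler checks when the whole function is @trusted versus when only one call is exempted. The function names `copyAllTrusted` and `copyNarrow` are hypothetical.

```d
import core.stdc.string : memcpy;
import std.exception : enforce;

// Whole body is @trusted: the compiler checks none of it.
void copyAllTrusted(ubyte[] dst, const(ubyte)[] src) @trusted
{
    enforce(dst.length >= src.length, "dst too small");
    memcpy(dst.ptr, src.ptr, src.length);
    // A line added in a later edit. It is unchecked pointer indexing and
    // writes one past the end when dst.length == src.length, yet it
    // compiles without any diagnostic because the function is @trusted.
    dst.ptr[src.length] = 0;
}

// @safe body: only the memcpy call is exempt from mechanical checking.
void copyNarrow(ubyte[] dst, const(ubyte)[] src) @safe
{
    enforce(dst.length >= src.length, "dst too small");
    () @trusted { memcpy(dst.ptr, src.ptr, src.length); }();
    // dst.ptr[src.length] = 0;  // rejected by the compiler in @safe code
    dst[src.length] = 0;         // accepted, and bounds-checked at run time
}

void main() @safe
{
    // Constructed sample input; dst is larger than src so both calls
    // stay in bounds here.
    const(ubyte)[] src = [1, 2, 3, 4];
    auto a = new ubyte[](8);
    auto b = new ubyte[](8);

    copyAllTrusted(a, src);
    copyNarrow(b, src);

    assert(a[0 .. 4] == src);
    assert(b[0 .. 4] == src);
}
```

In the first function a reviewer has to vet every line by hand; in the second, only the one-line lambda needs that scrutiny and the rest stays under @safe checking.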

