Trusted Manifesto

Dicebot via Digitalmars-d digitalmars-d at puremagic.com
Mon Feb 9 01:36:06 PST 2015


>   string toUpper(string s) @safe
>   {
>      char[] r = new char[s.length];
>      foreach (i, c; s)
>         r[i] = toUpper(c);
>      return cast(string)r; // <== unsafe operation
>   }

Shouldn't that be `return assumeUnique(r)` instead?

What about requiring an in-code comment that mentions the 
condition the verified safety relies on? (here - actual uniqueness of 
r)

> Introducing the 'trusted' template to be put in std.conv:
> 
> @trusted auto trusted(alias fun)() { return fun(); }

Is this guaranteed to be inlined in the frontend?

Shouldn't it better be called `system` to denote that the operation is not 
actually trusted?

-----------------------

In general, this is a surprisingly good manifesto. The way it 
started, I had abandoned all hope for any pragmatic compromise, 
but it does address many of the issues mentioned in the discussion.
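
An added example, not part of the original post or of Phobos: the quoted `toUpper` written with `assumeUnique` inside a narrow `@trusted` escape, with the safety condition recorded in a comment. The name `toUpperAscii` and the immediately-called `@trusted` lambda (used here in place of the proposed `trusted` template) are assumptions of this sketch.

```d
import std.ascii : toUpper;
import std.exception : assumeUnique;

// Hypothetical name; mirrors the toUpper(string) quoted above.
string toUpperAscii(string s) @safe
{
    // Everything up to the return is checked by the compiler as @safe.
    char[] r = new char[s.length];
    foreach (i, c; s)
        r[i] = toUpper(c);

    // SAFETY CONDITION: r was allocated in this function and no other
    // reference to its memory exists, so treating it as immutable cannot
    // be observed through a mutable alias. assumeUnique also nulls out r,
    // so the mutable handle is gone after this line.
    // Only this one expression escapes the @safe checks; a reviewer has
    // to verify the condition above and nothing else.
    return () @trusted { return assumeUnique(r); }();
}

void main() @safe
{
    assert(toUpperAscii("trusted") == "TRUSTED");
    assert(toUpperAscii("") == "");
    // Non-letters pass through std.ascii.toUpper unchanged.
    assert(toUpperAscii("d-2015") == "D-2015");
}
```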

