@trust is an encapsulation method, not an escape

via Digitalmars-d digitalmars-d at puremagic.com
Mon Feb 9 07:13:23 PST 2015


On Monday, 9 February 2015 at 14:40:36 UTC, Steven Schveighoffer 
wrote:
> On 2/7/15 7:11 AM, Ola Fosheim Grøstad
> <ola.fosheim.grostad+dlang at gmail.com> wrote:
>
>> You are trying to do this:
>>
>> 1. mechanically verify the whole @trusted region
>>
>> 2. manually verify the whole @trusted region, but be sloppy about it
>> here and there
>>
>> 3. Ooops, we were sloppy in the wrong spot...
>
> No.
>
> A @trusted function is manually verified, period.
>
> But we also must tag potential points of leakage with @system. 
> In fact, it probably could be a warning/error if you have a 
> @trusted function without any @system escapes (it could just be 
> marked @safe).

That's a nice migration path, btw. First, warn about @trusted 
functions without @system blocks and don't enforce @safe-ty 
inside them, later disallow them and do enforce @safe-ty in the 
others.

