@trust is an encapsulation method, not an escape

Steven Schveighoffer via Digitalmars-d digitalmars-d at puremagic.com
Mon Feb 9 07:50:48 PST 2015


On 2/9/15 10:13 AM, "Marc Schütz" <schuetzm at gmx.net> wrote:
> On Monday, 9 February 2015 at 14:40:36 UTC, Steven Schveighoffer wrote:
>> On 2/7/15 7:11 AM, "Ola Fosheim Grøstad"
>> <ola.fosheim.grostad+dlang at gmail.com> wrote:
>>
>>> You are trying to do this:
>>>
>>> 1. mechanically verify the whole @trusted region
>>>
>>> 2. manually verify the whole @trusted region, but be sloppy about it
>>> here and there
>>>
>>> 3. Ooops, we were sloppy in the wrong spot...
>>
>> No.
>>
>> A @trusted function is manually verified, period.
>>
>> But we also must tag potential points of leakage with @system. In
>> fact, it probably could be a warning/error if you have a @trusted
>> function without any @system escapes (it could just be marked @safe).
>
> That's a nice migration path, btw. First, warn about @trusted functions
> without @system blocks and don't enforce @safe-ty inside them, later
> disallow them and do enforce @safe-ty in the others.

Yes, that solves the problem of breaking code with this... Nice idea.

-Steve

