@trusted AKA most useless statement ever
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Fri Nov 25 07:54:45 PST 2016
On 11/25/16 5:14 AM, Satoshi wrote:
> Simply, it should be replaced by:
>
> void safeFunc() @safe {
> unsafe {
> auto vi = doUnsafeCall();
> }
> }
>
> @trusted functions are prohibited by d-idiom (so I don't know why are
> still in D).
No, they are not. @trusted escapes are for use when you can reasonably
write most of the code with @safe (and get the benefits of the comipler
checking safety for you). If you can't reasonably do that, you mark the
whole function @trusted.
> So, when I need to create a simple window with OpenGL context I need to
> write about 10-15 calls to system functions. But D-idiom[1] for @trusted
> tells me to make @trusted functions as small as possible. OK, it makes
> sense.
>
> but writing 20 times something like:
> auto vi = (() @trusted => glXChooseXFBConfig(...))();
>
> or:
> auto vi = () @trusted { return glXChooseXFBConfig(...); }();
>
> is annoying and just forced me to mark whole class with @trusted...
Marking the whole class as @trusted is fine. "As small as possible"
might mean you have to mark the whole thing as @trusted, because no code
can be reasonably marked @safe.
Without seeing your function, I can't say what the best marking should
be, so maybe it does make sense to add all those trusted escapes. It's
also possible to simply have an inner function marked @trusted, that
does the same thing, but is less verbose.
The idea behind @trusted is to mark code as "this needs to be manually
checked by hand". Any time you have @safe code, but your @trusted
escapes mean that the @safe code also needs to be checked, you have
mismarked it.
-Steve
More information about the Digitalmars-d
mailing list