Is @trusted the wrong direction?

Dominikus Dittes Scherkl dominikus at
Sun Nov 17 16:41:16 UTC 2019

On Sunday, 17 November 2019 at 14:37:16 UTC, Paolo Invernizzi 

> I remember a discussion some time ago about the overusing of 
> @trusted-as-a-super-thin-wrapper around @sytem calls, made by 
> Andrei and Walter over some parts of Phobos, and that proposed 
> work just walks towards that same direction.

I fully agree that a library wrapper around @trusted lambdas are 
a bad idea. They neither provide the desired short and readable 
syntax nor do they solve the three-state enum around safety.

But the small compiler-change proposed by anon5886 is really very 

> The point is, I'm against @trusted blocks, as I think it's more 
> clear to have a fundamental minimal aggregate of code 
> functionality: the function, as it's right now, especially for 
> a reviewer.
This will not change. The function keeps it info: it is @safe, so 
has to provide a memory-safe interface. It's only sightly more 
obvious to the reviewer, because he doesn't have to remember that 
@trusted is only and alias for @safe, from the caller point of 

> The mere fact that a reviewer must pay attention not only to 
> @trusted, but 'trusted' as a template, or why not '__trusted', 
> or 'this_is_trusted', and so on, it's just opening a can of 
> worms when you review unfamiliar codebase.
But this is exactly NOT he case. If he reviews a function that is 
marked @safe his alarm bells only need to ring, if the function 
contains a @trusted block. Nothing else. There are no trusted 
templates or macros or other __-stuff anymore.
But of course the whole function must be treated with care, if it 
contains a @trusted block, no change there. But the parts that 
need to be trusted should be as sparse as possible, and a short 
and clear syntax helps in doing this.
Editors can highlight @trusted blocks heavily and ugly, so you 
will automatically try to keep those sections as small as 
And no newbie is irritated anymore what this third thing between 
safe and system should be.

More information about the Digitalmars-d mailing list