@trusted attribute should be replaced with @trusted blocks

Joseph Rushton Wakeling joseph.wakeling at webdrake.net
Wed Jan 15 19:49:53 UTC 2020

On Wednesday, 15 January 2020 at 19:27:42 UTC, IGotD- wrote:
> On Wednesday, 15 January 2020 at 14:30:02 UTC, Ogi wrote:
>> Without @trusted the safety design will be much simpler to 
>> grasp. Currently the are three vague keywords, complex rules 
>> on which functions can call which and best practices on which 
>> attribute you should choose.
> I also don't understand what's the point with @trusted. Should 
> it only be used as a trampoline for safe code into the unknown 
> or "some holds allowed" like something in between @system and 
> @safe. I find this highly confusing. It's like x86 protection 
> rings (ring 0 - 3) where rings 1 - 2 are seldom used.
> If you think about it @trusted is not necessary as you say that 
> @trusted "must be manually verified", aka unsafe.

No.  @trusted is about saying "This function should be safe to 
use, but that safety has been designed by the developer rather 
than being automatically verifiable by the compiler."

Contrast with @system which can be applied to functions that are 
inherently not guaranteed to be safe -- e.g. where the safety (or 
not) depends on what input the user provides.

More information about the Digitalmars-d mailing list