@trusted attribute should be replaced with @trusted blocks

Joseph Rushton Wakeling joseph.wakeling at webdrake.net
Wed Jan 15 23:01:57 UTC 2020


On Wednesday, 15 January 2020 at 21:17:38 UTC, IGotD- wrote:
> This is why I think it should be removed. In my world there is 
> no "trust the human".

Presumably your programs are therefore self-crafted binary, since 
you couldn't possibly trust the humans who wrote the standard 
library to write valid code, or the compiler writers to translate 
it correctly into machine instructions? :-)

> Also @trusted in kind of backwards. It should be the caller 
> that designate a call or operation trusted, not the the 
> function that you call. Otherwise it is like asking car sales 
> man if I can trust him.

I think you're getting caught up on the choice of terminology.  
It's just a hierarchy of guarantees:

   @safe -- this function should behave in a memory-safe way for 
all possible inputs you can provide, and this can be validated by 
the compiler

   @trusted -- this function should behave in a memory-safe way 
for all possible inputs you can provide, but this has been 
validated by the developer, and cannot be automatically validated 
by the compiler

   @system -- some of the possible inputs to this function will 
cause it to behave in a memory-unsafe way

You don't have to like the choice of keywords, but you should 
recognize that they describe valuable distinctions.  There are 
some nice examples of how these distinctions are useful in the 
article linked to above.


More information about the Digitalmars-d mailing list