@trusted attribute should be replaced with @trusted blocks
Joseph Rushton Wakeling
joseph.wakeling at webdrake.net
Wed Jan 15 23:01:57 UTC 2020
On Wednesday, 15 January 2020 at 21:17:38 UTC, IGotD- wrote:
> This is why I think it should be removed. In my world there is
> no "trust the human".
Presumably your programs are therefore self-crafted binary, since
you couldn't possibly trust the humans who wrote the standard
library to write valid code, or the compiler writers to translate
it correctly into machine instructions? :-)
> Also @trusted in kind of backwards. It should be the caller
> that designate a call or operation trusted, not the the
> function that you call. Otherwise it is like asking car sales
> man if I can trust him.
I think you're getting caught up on the choice of terminology.
It's just a hierarchy of guarantees:
@safe -- this function should behave in a memory-safe way for
all possible inputs you can provide, and this can be validated by
@trusted -- this function should behave in a memory-safe way
for all possible inputs you can provide, but this has been
validated by the developer, and cannot be automatically validated
by the compiler
@system -- some of the possible inputs to this function will
cause it to behave in a memory-unsafe way
You don't have to like the choice of keywords, but you should
recognize that they describe valuable distinctions. There are
some nice examples of how these distinctions are useful in the
article linked to above.
More information about the Digitalmars-d