@trusted attribute should be replaced with @trusted blocks

IGotD- nise at nise.com
Thu Jan 16 10:58:33 UTC 2020

On Thursday, 16 January 2020 at 10:44:56 UTC, Patrick Schluter 
> No, that's where you're wrong. @trusted gives the same 
> guarantees than @safe. The only difference is that @safe can 
> automatically be checked and @trusted cannot. ANY memory 
> violation in a trusted code is a BUG and the responsibility of 
> the programmer.

Then we can remove @safe all together and trust the programmer to 
only use the safe subset of D.

> That's why @trusted is important and should be only applied to 
> the parts that cannot be checked by the compiler.

Then trusted is as good as putting a comment in the code.

> All interactions have to be done via parameters which scopes 
> and lifetimes are known. This is not the case with simple 
> scopes. So the difference between the two is the ABI which adds 
> some guarantees that a simple scope cannot (see Steven 
> Schveighofer's example).

Yes, so if safe code can only call function with the safe 
attribute but can have @system blocks in it. This is the same 
thing as trusted. This is very similar to another language and I 
think it at least got that part right.

More information about the Digitalmars-d mailing list