@trusted attribute should be replaced with @trusted blocks

IGotD- nise at nise.com
Thu Jan 16 17:15:28 UTC 2020

On Thursday, 16 January 2020 at 15:29:58 UTC, Ola Fosheim Grøstad 
> On Thursday, 16 January 2020 at 15:12:07 UTC, Paul Backus wrote:
> It wasn't really clear what "IGotD-" meant. Although I suspect 
> he was ironic, but if taken literally it would be fair to say 
> that what D has is pretty much the same as this: assume all 
> code is written as memory safe code and add an escape that 
> allows for writing unsafe constructs adorned with a comment 
> that says that code is trusted... except you also need to mark 
> functions as unsafe. Not really a big shift from Rust, except 
> Rust provides dedicated typing-constructs for doing unsafe 
> operations like dealing with uninitialized variables.

Yes, kind of.

It similar what ag0aep6g described in alternative 3.

On Thursday, 16 January 2020 at 16:56:17 UTC, ag0aep6g wrote:
> 3) @safe code can contain @trusted parts (blocks/lambdas). 
> Those @trusted parts may rely on the surrounding @safe code for 
> safety. The @safe parts are effectively in a third state: 
> Mechanical checks are performed, but manual checks are still 
> needed to verify the interaction with the @trusted parts.

but the difference is that we don't need @trusted. We can let 
@system rely on the safety of the surrounding safe block. I can't 
see how this really different from having that extra @trusted 
attribute. I might have forgotten to tell that we need this extra 
@system {} block.

More information about the Digitalmars-d mailing list