Simplification of @trusted
Bruce Carneal
bcarneal at gmail.com
Tue Jul 13 14:34:43 UTC 2021
On Sunday, 11 July 2021 at 08:36:33 UTC, Per Nordlöw wrote:
> On Wednesday, 16 June 2021 at 15:37:22 UTC, H. S. Teoh wrote:
>> This isn't the first time it was suggested. Way back when, it
>> was brought up and rejected because Walter thought that
>> @trusted blocks should be discouraged, and therefore should be
>> ugly to write. It was extensively argued, but Walter
>> preferred the "trusted lambda idiom", precisely because it was
>> ugly, required effort to write, and therefore deters casual
>> (ab)uses of @trusted.
>
> Rust, C#, V all use
>
> unsafe { ... }
>
> Can we please allow
>
> unsafe { ... }
>
> , Walter?
>
> It's trivial to grep for `@trusted` to find all possible safety
> violations in projects.

Localization/minimization of code that must be reviewed for basic
safety is very desirable. The quiet pollution caused by a nested
non-static @trusted lambda within code marked @safe is not.

IIUC, ongoing tolerance of such lambdas means that all @safe code
must be grepped/reviewed or else blindly trusted. IOW, as things
stand currently, @safe code bodies must be treated as @trusted
until manually proven otherwise.

My preference is to move in the other direction, towards @safe
checking-by-default within @trusted blocks with @system syntax to
escape from there (a backwards compatible transition proposal for
this with simple syntax to be discussed at July beerconf).
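
An added illustration of the concern in the message above, not part of the original post or of any project's code: a D sketch contrasting a non-static @trusted lambda inside a @safe function with a static nested @trusted function. The function names `pick`, `pickChecked` and `load` and the sample data are constructed for this example.

```d
import std.stdio : writeln;

// Trusted lambda idiom: the @trusted lambda is non-static, so it captures
// `buf` and `i` from the enclosing @safe function. Whether the raw read is
// in bounds is decided by the surrounding @safe code, which the compiler
// accepts without complaint.
int pick(int[] buf, size_t i) @safe
{
    // No bounds check here, so this @safe body has to be reviewed by hand.
    return () @trusted { return *(buf.ptr + i); }();
}

// Localized alternative: a static nested @trusted function cannot capture
// locals. Everything it relies on arrives through its parameters, and the
// check sits next to the unchecked operation it guards.
int pickChecked(int[] buf, size_t i) @safe
{
    static int load(int[] b, size_t k) @trusted
    {
        if (k >= b.length)
            throw new Exception("index out of range");
        return *(b.ptr + k);
    }
    return load(buf, i);
}

void main()
{
    int[] data = [10, 20, 30];      // constructed sample data
    writeln(pickChecked(data, 1));  // index is in range
    // pick(data, 3) also compiles as @safe, yet would read past `data`.
}
```

A search for `@trusted` finds both functions, but only in `pick` does the review have to extend into the enclosing @safe body.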