@system blocks and safer @trusted (ST) functions
Bruce Carneal
bcarneal at gmail.com
Sun Jul 25 14:34:27 UTC 2021
On Sunday, 25 July 2021 at 14:13:45 UTC, Paul Backus wrote:
> On Sunday, 25 July 2021 at 13:55:14 UTC, Bruce Carneal wrote:
>> The improvements on the status quo include the ability to
>> easily delimit "should check *very* closely" code and the
>> corresponding ability to engage @safety checking on any
>> remainder.
>
> We already have this ability: simply avoid writing `@trusted`
> code whose safety depends on out-of-band knowledge about
> `@safe` code, and enforce this practice via code review.
>
> As I've discussed previously [1], there is no way to enforce
> this at the language level, because the language does not (and
> cannot possibly) know what knowledge `@trusted` code depends on
> for its memory safety.
>
> [1]
> https://forum.dlang.org/post/auqcjtbbamviembvcaps@forum.dlang.org
I'd like to have assistance from the compiler to the maximum
extent possible and then conduct the code review(s). Assuming
low (near zero) false positives out of the compiler, I'm not sure
why one would prefer manual checking when compiler checking was
available, but that option is certainly available in both the
current and proposed environments.
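An added illustration, not code from either poster, of the kind of `@trusted` function Paul describes: its memory safety rests on an invariant that other `@safe` code in the same module can break without any compiler complaint, beside a variant whose `@trusted` promise does not depend on out-of-band knowledge. The `Buffer` type and its members are hypothetical.

```d
// Added example: a @trusted accessor whose safety depends on an invariant
// maintained by @safe code elsewhere in the same module.
module example;

struct Buffer
{
    private int[] data;
    private size_t cursor;   // intended invariant: cursor < data.length

    this(size_t n) @safe
    {
        data = new int[n];
        cursor = 0;
    }

    // @safe code that keeps the invariant...
    void advance() @safe
    {
        if (cursor + 1 < data.length)
            ++cursor;
    }

    // ...and @trusted code that silently relies on it: no bounds check,
    // because the author "knows" cursor is in range.
    ref int current() @trusted
    {
        return *(data.ptr + cursor);   // unchecked pointer arithmetic
    }

    // Safer form: the @trusted promise is justified by this function alone,
    // so no review of other @safe code is needed to believe it.
    ref int currentChecked() @trusted
    {
        if (cursor >= data.length)
            assert(0, "Buffer invariant violated");
        return *(data.ptr + cursor);
    }
}

// Also @safe, also accepted by the compiler: D's `private` is module-level,
// so this free function can set cursor to anything and break current().
void breakInvariant(ref Buffer b) @safe
{
    b.cursor = 1_000_000;
}

void main() @safe
{
    auto b = Buffer(4);
    b.advance();
    b.current() = 42;        // invariant holds: in-bounds write
    breakInvariant(b);
    b.currentChecked() = 7;  // halts on the broken invariant instead of writing out of bounds
}
```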