Simplification of @trusted

Steven Schveighoffer schveiguy at gmail.com
Wed Jun 16 13:25:09 UTC 2021


On 6/16/21 9:09 AM, Sönke Ludwig wrote:
> Am 16.06.2021 um 13:38 schrieb RazvanN:
>> Currently, @trusted applies only to functions. This is most of the 
>> times a pain when you want trusted code blocks inside functions. Why 
>> not simplify it a bit by using trusted scope blocks?
> 
> Yes, please! There are 800 of these in vibe.d alone. There has also been 
> an issue where the delegate workaround was erroneously flagged as a heap 
> delegate, causing considerable GC memory load.
> 
> `@trusted` *should* probably not even be available for functions (of 
> course it is not a desirable breaking change to disallow that now, though).

If I were to design it today:

- a @safe function could not call @trusted functions that gained 
implicit access to local data (i.e. inner functions, or non-static 
member functions from the same type).
- a @trusted function would be mechanically checked just like @safe, but 
could have @system blocks in them (where you could call @system 
functions, or do @system-like behaviors).

This at least puts the emphasis on where manual verification is 
required, but still has the compiler checking things I want it to check. 
Most times, I never want to write a fully marked @trusted function, 
because it's so easy to trust things you didn't intend to (like 
destructors).

-Steve


More information about the Digitalmars-d mailing list