Simplification of @trusted
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Thu Jun 17 17:24:27 UTC 2021
On Thursday, 17 June 2021 at 15:08:53 UTC, Dukc wrote:
> No language can do this. C++ API does not provide any safety
> guarantees, so calling a C++ function means that it needs to be
> manually verified, or its authors trusted, BY DEFINITION.
Sure, but that is obviously not enough. Because what is being
said implies that @trusted code has to assume that anything it
receives that isn't pointers can be garbage and that such garbage
should never lead to memory unsafety even if _you know_ that the
@trusted function never receives garbage.
> If that's the case, the only conclusion I can draw is that D
> philosophy is fundamentally wrong from your point of view. D is
> all about letting the programmer pick the paradigm according to
> the situation, instead of being designed for just one of them.
> This philosophy is rooted so deep that if it proves to be just
> plain wrong, we're best off to just ditch D and switch to other
> languages.
>
> I sure hope that won't happen.
My conclusion so far is that it is unrealistic to think that
anyone would write code that satisfies the requirements put upon
@trusted functions for a program the size of a desktop
application.
It is even unrealistic to think that the average D programmer
will understand what the requirements for @trusted are!