[Issue 14125] std.file has gotten out of hand
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Wed Feb 4 15:54:17 PST 2015
https://issues.dlang.org/show_bug.cgi?id=14125
--- Comment #5 from Andrei Alexandrescu <andrei at erdani.com> ---
>I didn't look closely at std.file, but I think the consensus over the past several months is that @trusted should not be used if avoidable, and if it cannot be avoided, it should be limited to small chunks of code, usually factored out as small lambdas in the main function body which is marked @safe
[...]
>I don't know if this is the best way to do it, but this particular construct is quickly becoming an idiom in Phobos.
As I said, there's something to be said about the letter of the "law" and its
respective spirit. Anything good can be done in poor taste, and sadly std.file
is chock full of things done in perfectly poor taste. We must fix it asap, it's
a disaster area. If that is how D is meant to be used I don't want to use it.
Look a this pile of dung:
S readText(S = string)(in char[] name) @safe if (isSomeString!S)
{
import std.utf : validate;
static auto trustedCast(void[] buf) @trusted { return cast(S)buf; }
auto result = trustedCast(read(name));
validate(result);
return result;
}
How exactly does that scaffolding help a four liner? It takes longer to read
all that crap than to actually figure the function is correct!
Or look at this one:
ulong getSize(in char[] name) @safe
{
version(Windows)
{
with (getFileAttributesWin(name))
return makeUlong(nFileSizeLow, nFileSizeHigh);
}
else version(Posix)
{
static auto trustedStat(in char[] path, stat_t* buf) @trusted
{
return stat(path.tempCString(), buf);
}
static stat_t* ptrOfLocalVariable(return ref stat_t buf) @trusted
{
return &buf;
}
stat_t statbuf = void;
cenforce(trustedStat(name, ptrOfLocalVariable(statbuf)) == 0, name);
return statbuf.st_size;
}
}
How in the world is all that scaffolding help anyone with anything?
There is a place for the spirit. Clearly large unchecked swaths of @trusted
code work against quality, but there's a limit to it that std.file went way
beyond.
--
More information about the Digitalmars-d-bugs
mailing list