@trusted considered harmful
David Nadlinger
see at klickverbot.at
Sat Jul 28 16:40:05 PDT 2012
On Saturday, 28 July 2012 at 21:03:20 UTC, Jonathan M Davis wrote:
> On Saturday, July 28, 2012 22:52:32 David Nadlinger wrote:
>> Maybe it would be a good idea to also allow
>> `@trusted(emplace!S)(mem, cast(S)(*_range).save)`, with semantics
>> similar to TRUSTED? Or even applying @trusted to arbitrary
>> expressions, similar to `checked` in C#?
>
> Even the cast is unsafe. Basically, that entire line is @system and needs to
> be @trusted except for (*_range).save.

Aww, snap, missed that. Saving (*_range).save to a temporary
would introduce an unnecessary copy, right?

In any case, I've found TRUSTED to be convenient when dealing
with incorrectly marked Phobos/C library functions, but I'm still
unsure it is worth the added maintenance liabilities incurred by
it being non-standard. It certainly isn't a replacement for
@trusted blocks.

Maybe allowing @trusted to be applied at both expression and »block«
level would really be an interesting direction: I've had a look
at C#'s checked/unchecked keywords [1], which enable/disable
integer overflow checking, and they work exactly like that.

I must admit that I never actually used them in the small amount
of C# code I have written so far, but C# is generally regarded to be a
well-designed language and similar enough to D that this makes me
quite confident that implementing @trusted like that could be
pulled off without feeling overly alien.

This still wouldn't solve your save() problem, though, as it acts
»the wrong way« round, so I'm not sure if it would be worth the
added complexity over allowing it just at the statement level…

David

[1] http://msdn.microsoft.com/en-us/library/74b4xzyw(v=vs.80).aspx