@trusted considered harmful

Martin Nowak code at dawg.eu
Thu Feb 14 20:09:35 PST 2013


On 02/15/2013 03:49 AM, David Nadlinger wrote:
 > On Fri, Feb 15, 2013 at 3:31 AM, Martin Nowak <code at dawg.eu> wrote:
 >> Having the distinction at the API level makes perfectly sense for this.
 >
 > Sorry, but where is the argument here?
 >
 > David

If you switch the perspective @trusted allows you to put a constrain on 
code. Especially you can chose to NOT trust.
The SafeD compiler was not a good example because you have the source 
code at hand and could inspect it for @trusted blocks.
But if you think of Chromes Native Client it becomes extremely valuable 
that one could distinguish a function that requires trusting vs. a 
function that is safe at the ABI level. One could for example intercept 
and disallow function calls to @trusted functions if a certain plugin is 
not trusted by the user.


More information about the Digitalmars-d mailing list