Encapsulating trust
monarch_dodra via Digitalmars-d
digitalmars-d at puremagic.com
Mon Sep 1 11:10:44 PDT 2014
On Monday, 1 September 2014 at 17:59:07 UTC, Dicebot wrote:
> On Monday, 1 September 2014 at 17:48:59 UTC, monarch_dodra
> wrote:
>> I feels like you are missing the point of the @trusted lambda
>> construct, in that is meant to be used in generic code, where
>> you know a *piece* of a function is provably safe (eg:
>> @trusted), but not all of it: The rest of the code depends on
>> the inferred attributes of the parameter-dependent code.
>>
>> If your function is not generic, then just mark it as
>> @trusted, and then that's that.
>
> I totally disagree. Marking whole function @trusted (unless
> those are extern(C)) is an abomination we should try to get rid
> of. Trusted lambda must encapsulate minimal amount of code
> possible together with all data validation if
> necessary.Anything else simply does not scale with maintenance
> and is likely to introduce holes in @safe.
I meant it mostly in that the proposal to mark the entire
function as @trusted isn't even *applicable* to template
functions.
I agree with you.
More information about the Digitalmars-d
mailing list