Encapsulating trust
via Digitalmars-d
digitalmars-d at puremagic.com
Tue Sep 2 07:46:35 PDT 2014
On Tuesday, 2 September 2014 at 14:10:39 UTC, Dmitry Olshansky
wrote:
> 02-Sep-2014 15:37, "Marc Schütz" <schuetzm at gmx.net>" пишет:
>> On Tuesday, 2 September 2014 at 11:30:43 UTC, ketmar via
>> Digitalmars-d
>> wrote:
>>> let me ask it again:
>>> how, in the name of hell, having handy sugar for the thing
>>> that is
>>> *already* in the language can hurt us here?
>>
>> In this particular case:
>>
>> Because it _is_ handy. It shouldn't be. It's supposed to be
>> ugly, to
>> make you think twice whether you actually want to use it.
>>
>> Besides, as was already mentioned, 'grep -r @trusted' wouldn't
>> work
>> anymore.
>
> Making things ugly doesn't make them safe or easier to verify.
> Somehow people expect the opposite, but just take a look at
> e.g. OpenSSL :)
>
> Slapping @trusted across whole functions just blurs the scope
> of system code (where? what was system? or maybe it's that
> pointer ... it's really hard to analyze afterwards).
I agree, it needs to be as fine-grained as possible. I just
happen to believe that the suggested template wrappers are not a
good idea.
Note that my post was in response to the question how "having
handy sugar [...] can hurt us here". That doesn't automatically
mean that the alternatives are perfect.
More information about the Digitalmars-d
mailing list