Encapsulating trust

monarch_dodra via Digitalmars-d digitalmars-d at puremagic.com
Tue Sep 2 08:35:56 PDT 2014


On Tuesday, 2 September 2014 at 14:33:53 UTC, Dmitry Olshansky 
wrote:
> 31-Aug-2014 17:47, Dmitry Olshansky wrote:
>> Quite recently a lot of work has been done to make most of 
>> Phobos usable
>> in @safe code.
> ...
>>
>> What do you guys think?
>>
>
> Probably a lot of people missed the point that if we 
> standardize a few idioms (dangerous but at least centralized) 
> we at least can conveniently contain the "abuse" of @trusted to 
> the select standard module. Else it *will* be abused in a 
> multitude of ways anyway.

I think it's probably hard to appreciate where you are coming 
from, until you've reviewed code for things such as Appender 
and/or emplace. I swear there was 1 point where roughly 25% of 
the lines of code in that thing were wrapped in a trusted lambda.

1 issue I find with your proposal, is (personally), I've seldom 
had to *call* unsafe functions in a trusted fashion, but rather, 
had to do unsafe *things*:

if (capacity > slice.length)
     slice = () @trusted { return slice.ptr[0 .. slice.length + 1]; }();

In such context, "call!" wouldn't help much. That said, there are 
also plenty of cases where we call memcpy (just grep 
"trustedMemcpy" in phobos), where your proposal would help.

Also: There's already a helper "addressOf" somewhere in phobos. 
It's meant mostly to take the address of property return values. 
Instead of providing "addressOf" in std.trusted, you could simply 
do a "call!" of the not-trusted generic "addressOf". Just a 
thought.

