Encapsulating trust

Walter Bright via Digitalmars-d digitalmars-d at puremagic.com
Tue Sep 2 12:10:20 PDT 2014


On 9/2/2014 7:07 AM, Dmitry Olshansky wrote:
>  Make distinctive name like assumeSafe and it's going to be trivially grepable.

We already have a distinctive name, @trusted. Adding a panoply of more names 
makes it not so trivially greppable.


> So there is need, but somehow requires a bunch of useless boilerplate, like
> repeating arguments and inventing creative names for local functions.

In the example I gave, it wasn't actually necessary to repeat the arguments. 
This will work as well:

       void checkEquals() @trusted {
          assert(msg.length == msg2.length);
          assert(memcmp(msg.ptr, msg2.ptr, msg.length) == 0);
       }

But the parameterized one was better encapsulated by being pure.


> So you think adding boilerplate will make function more easily verifiable?

Encapsulating the trusted operation, not the components of the trusted 
operation, makes it more easily verifiable.
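
The distinction drawn in the message above, as an added example that is not part of the original post and is not code from the D project: one helper trusts the whole comparison (length check plus `memcmp`), the other trusts only the raw call. The function names `sameBytes` and `sameBytesPiecemeal` and the sample data are hypothetical.

```d
import core.stdc.string : memcmp;

// Whole operation trusted: the length check that makes memcmp safe lives in
// the same function, so an audit of these lines covers every possible caller.
bool sameBytes(const(ubyte)[] a, const(ubyte)[] b) pure nothrow @nogc @trusted
{
    if (a.length != b.length) return false;
    if (a.length == 0) return true;      // never hand a null pointer to memcmp
    return memcmp(a.ptr, b.ptr, a.length) == 0;
}

// Component trusted: only the raw call is marked. The lambda is memory-safe
// only because of the @safe lines above it, so the audit has to cover the
// whole function anyway, and a later edit to the length check is accepted by
// the compiler without anyone re-reading the @trusted part.
bool sameBytesPiecemeal(const(ubyte)[] a, const(ubyte)[] b) @safe
{
    if (a.length != b.length) return false;
    if (a.length == 0) return true;
    return (() @trusted => memcmp(a.ptr, b.ptr, a.length))() == 0;
}

void main() @safe
{
    // Constructed sample data.
    immutable ubyte[] msg     = [1, 2, 3, 4];
    immutable ubyte[] msg2    = [1, 2, 3, 4];
    immutable ubyte[] shorter = [1, 2, 3];

    assert(sameBytes(msg, msg2));
    assert(!sameBytes(msg, shorter));    // mismatch never reaches memcmp
    assert(sameBytes(null, null));       // empty slices handled before .ptr use
    assert(sameBytesPiecemeal(msg, msg2));
    assert(!sameBytesPiecemeal(msg, shorter));
}
```

Both functions return the same results; the difference is which lines a reviewer must read to be convinced that the `memcmp` call cannot read out of bounds.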


