misplaced @trust?
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 5 12:18:44 PST 2015

On 2/5/15 2:49 PM, Andrei Alexandrescu wrote:
> On 2/5/15 11:17 AM, H. S. Teoh via Digitalmars-d wrote:
>> In short, my proposal is:
>
> Tainted variables are an interesting topic, but quite distinct from the
> notion of separating safe code from unsafe code.
>
> As much as I was shocked about the use of @trusted/@safe/@system in
> std.file, std.array and sadly possibly in other places, I found no
> evidence that the feature is misdesigned. I continue to consider it a
> simple, sound, and very effective method of building and interfacing
> robust code. An excellent engineering solution that offers a lot of
> power at a modest cost.
>
> I do not support this proposal to change the semantics of
> @trusted/@safe/@system. A separate tainted data proposal might be of
> interest for loosely related topics.

The proposal (the original one I stated, not H.S.'s) is to do 2 things:

1. Clean up the syntax for @trusted escapes inside @safe code that we
have settled on.
2. Add a mechanism to make those escapes safer and more reviewable.

I don't think the idea behind @trusted is incorrect, just that the idea
it's a function attribute is mis-designed.

Note that in my proposal, you can essentially create a @trusted function
just by marking the whole thing @trusted:

-Steve