@trust is an encapsulation method, not an escape
Steven Schveighoffer via Digitalmars-d
digitalmars-d at puremagic.com
Fri Feb 6 12:13:17 PST 2015
On 2/6/15 3:02 PM, "Ola Fosheim =?UTF-8?B?R3LDuHN0YWQi?=
<ola.fosheim.grostad+dlang at gmail.com>" wrote:
> On Friday, 6 February 2015 at 18:51:34 UTC, Steven Schveighoffer wrote:
>> I see the point now that making sure @safe functions don't have
>> escapes has the advantage of not requiring *as much* review as a
>> @system or @trusted function. I am leaning so much towards H.S. Teoh's
>> solution of making @trusted safe by default, and allowing escapes into
>> @system code. That seems like the right abstraction.
>
> Just to make sure that I got this right:
>
> I don't really understand why you need to escape to @system from
> @trusted. Isn't @trusted the same as @system but with a seal that says
> that it has been manually verified to be memory safe? @system simply
> allows the same internal semantics as @trusted but with no such declared
> guarantee to the caller?
In the proposal, @trusted code is actually considered the same as @safe,
but allows @system escapes.
I don't have any time to read your further points, but I will catch up
with them later, sorry!
-Steve
More information about the Digitalmars-d
mailing list