@trust is an encapsulation method, not an escape
Zach the Mystic via Digitalmars-d
digitalmars-d at puremagic.com
Fri Feb 6 15:40:40 PST 2015
On Friday, 6 February 2015 at 23:25:02 UTC, Walter Bright wrote:
>> This solution appeals to me greatly. It pinpoints precisely
>> where unsafe code
>> can generate; it catches unintended safety violations in all
>> @trusted code
>> outside @system blocks, as requested by many people so far; it
>> makes systems
>> programming highly visible, with redundancy at the function
>> signature and at the
>> unsafe code itself. I really think it's spot on!
>
> I suspect that such a feature would simply lull people into a
> false sense of security in that merely tagging an unsafe cast
> with @system and the compiler accepting it is good enough.
>
> My evidence for this is how @trusted was used in Phobos.
You do realize that our proposal *tightens* security, with no
loosening at all? No code which currently fails to compile will
start compiling with this proposal. This is literally a breaking
change which does nothing but cause errors in existing code - for
the explicit purpose of making all code safer, which it will do,
possibly dramatically.
More information about the Digitalmars-d
mailing list