Trusted Manifesto
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 9 02:16:35 PST 2015

On 2/9/2015 1:36 AM, Dicebot wrote:
>> string toUpper(string s) @safe
>> {
>>     char[] r = new char[s.length];
>>     foreach (i, c; s)
>>         r[i] = toUpper(c);
>>     return cast(string)r; // <== unsafe operation
>> }
>
> Shouldn't that be `return assumeUnique(r)` instead?

assumeUnique does a little more than assume the argument is unique - it also
casts it, which is not a necessary consequence of holding a unique reference.
For the purpose of this article, I'd rather have the unsafe cast be explicit
rather than a side effect.

> What about requiring an in-code comment that mentions the condition the verified
> safety relies on? (here - actual uniqueness of r)

Good idea.

>> Introducing the 'trusted' template to be put in std.conv:
>>
>> @trusted auto trusted(alias fun)() { return fun(); }
>
> Is this guaranteed to be inlined in the frontend?

pragma(inline, true) is not available yet!

> Shouldn't it better be called `system` to denote that the operation is not actually trusted?

Andrei had the idea that one could simply grep the code for 'trusted' and
thereby flag the code (trusted and @trusted) that merits special attention. I
agreed it was a good idea.
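
An added illustration, not part of the original message or of any D project's tooling: a small Python audit that combines the two review ideas discussed above. It flags every line of code that mentions `trusted` (the `@trusted` attribute and the `trusted` template alike) and records whether a comment sits on that line or just above it. The D sample, the function names and the two-line lookback are assumptions made for this example.

```python
import re

# Word match catches both "@trusted" and "trusted!(...)" / "trusted(" uses.
TRUSTED = re.compile(r"\btrusted\b")
# Start of a D line, block or nesting comment.
COMMENT = re.compile(r"//|/\*|/\+")

# Constructed sample input (not from the original post, apart from line 1).
SAMPLE = '''\
@trusted auto trusted(alias fun)() { return fun(); }

// Verified: r is allocated here and never escapes, so it is unique.
string upper(string s) @trusted
{
    char[] r = new char[s.length];
    foreach (i, c; s)
        r[i] = toUpper(c);
    return cast(string) r;
}

char[] view(char* p, size_t n) @trusted { return p[0 .. n]; }
// a note that mentions trusted only inside a comment
'''


def audit_trusted(source, lookback=2):
    """Return (line_no, text, has_comment) for each code line using 'trusted'.

    Heuristic: text after '//' is ignored when searching for the marker, and
    a comment counts if it appears on the line or within `lookback` lines
    above it. Whether the comment states the right condition is for a human.
    """
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        code = line.split("//", 1)[0]
        if not TRUSTED.search(code):
            continue
        window = lines[max(0, idx - lookback): idx + 1]
        has_comment = any(COMMENT.search(w) for w in window)
        findings.append((idx + 1, line.strip(), has_comment))
    return findings


def unjustified(source):
    """Line numbers of 'trusted' sites with no nearby comment."""
    return [n for n, _, ok in audit_trusted(source) if not ok]


if __name__ == "__main__":
    for n, text, ok in audit_trusted(SAMPLE):
        print(f"{n:>3} {'ok     ' if ok else 'REVIEW '} {text}")
```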