@trust is an encapsulation method, not an escape
via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 9 14:26:52 PST 2015
On Monday, 9 February 2015 at 14:40:36 UTC, Steven Schveighoffer
wrote:
> But we also must tag potential points of leakage with @system.
> In fact, it probably could be a warning/error if you have a
> @trusted function without any @system escapes (it could just be
> marked @safe).
>
> Think of it this way: the @system tags are the only places
> where issues can creep into the function. But then you have to
> apply the leaks to the whole function. It makes the problem of
> finding potential safety issues more tractable, because the
> compiler forces us to identify the root causes.

The compiler should only verify what is needed for the type
system to work. There is no need to differentiate between
@trusted and @system for that.

If you require using "@system" for annotation, then you will have
to change the language every time you improve the verifier.
Because this ad hoc annotation will be unsuitable for a more
powerful verifier.

And it isn't obvious that treating @trusted as @safe will not
lead to false positives.