@trusted attribute should be replaced with @trusted blocks
Timon Gehr
timon.gehr at gmx.ch
Thu Jan 16 03:34:26 UTC 2020
On 16.01.20 03:06, Joseph Rushton Wakeling wrote:
> On Thursday, 16 January 2020 at 01:53:18 UTC, Timon Gehr wrote:
>> It's an implementation detail. If you care about the distinction, you
>> should check out the function's implementation, not its signature.
>
> Sure. But on a practical day-to-day basis, @safe vs @trusted signatures
> help to prioritize one's allocation of care somewhat.
> ...
You have to be careful when writing a @trusted function, not when
calling it. If you do not trust a given library, there is no reason to
be more careful around a @trusted API than around a @safe API, as they
do not mean different things.
@safe does not fully eliminate risk of memory corruption in practice,
but that does not mean there is anything non-absolute about the
specifications of the attributes. As I am sure you understand, if you
see a @safe function signature, you don't know that its implementation
is not a single @trusted function call, so the difference in signature
is meaningless unless you adhere to specific conventions (which the
library you will be considering to use as a dependency most likely will
not do).
> I'm coming to the conclusion that much of the differences of opinion in
> this thread are between folks who want to see things as absolutes, and
> folks who recognize that these features are tools for mitigating risk,
> not eliminating it.
>
I was not able to figure out a response to this sentence that is both
polite and honest.
More information about the Digitalmars-d
mailing list