Simplification of @trusted
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Thu Jun 17 17:42:08 UTC 2021
On Thursday, 17 June 2021 at 14:30:58 UTC, Steven Schveighoffer
wrote:
> The goal is to guarantee that *as long as* your @trusted
> functions and blocks have a @safe interface, then @safe code
> does not need to be checked. When I say "not require review" I
> mean "I have checked all the @trusted code, and it has a sound
> @safe interface, so all @safe code that may call it has no
> need for review." We will never have a marking that is
> language-guaranteed to not require review.
But doesn't this mean that having even a single @safe method on
an ADT class would be a liability? So you are essentially forced
to define them all as @trusted?
E.g.
```
class A {
    this() @trusted {
        ptr = &buffer[0];
        offset = 0;
    }
    int get() @trusted { return ptr[offset]; }
    void set(int i) @trusted { this.offset = i & 1; }
    /* BUG: offset was pasted in here by mistake */
    int size() @safe { offset = 2; return 2; }
private:
    int[2] buffer;
    int* ptr;
    int offset;
}
```
Since this @safe size() function could in theory mess up offset
by a bug, it should not be allowed?
However, if we make size() @trusted then this is perfectly ok by
the requirements?
As a result, you have to make ALL methods @trusted.