DIP1000 scope inference
ag0aep6g
anonymous at example.com
Thu Oct 27 18:59:00 UTC 2022
On 27.10.22 19:39, Quirin Schroll wrote:
> I agree with the characterization of `@safe` and `@system`. For
> `@trusted` functions, there’s something more to say:
> * Widely accessible ones (e.g. `public`, `package`, `protected`, even
> `private` in a big module) should have a `@safe` interface, i.e. you can
> use them like `@safe` functions in all regards; they just aren’t `@safe`
> because of some implementation details.
Every single @trusted function must have a safe interface. That includes
local functions and immediately called literals.
> * Narrowly accessible ones (e.g. `private` (in a small module), local
> functions, immediately executed lambdas) can have a `@system` interface,
> but their surroundings can be trusted to use the function correctly.
You say it yourself: In that case, the surroundings need to be @trusted.
The function that is being called can only be @system when it doesn't
have a safe interface.
More information about the Digitalmars-d
mailing list