Tell us your DIP1000 woes

Dom DiSc dominikus at scherkl.de
Mon Aug 26 23:06:39 UTC 2024


On Monday, 26 August 2024 at 18:54:26 UTC, Walter Bright wrote:
> On 8/26/2024 1:33 AM, Richard (Rikki) Andrew Cattermole wrote:
>> This appears to be an interaction between DIP1000 and the fact 
>> that ``@trusted`` functions have an interface that is required 
>> to be ``@safe`` but their body is not validated.
>
> It not only appears to be, it is true that trusted functions 
> are not validated.

But their API should be checked. That would actually make 
@trusted *functions* (not trusted blocks) much more useful.
That would make for a useful difference between @safe and 
@trusted - one is completely checked, for the other only the 
parameters and return values are checked.
These checks would make it much more plausible why @safe 
functions should be allowed to call @trusted functions but not 
@system functions.

Having a (guaranteed) safe interface makes @trusted functions a 
whole lot more trustworthy.

