Tell us your DIP1000 woes
Dom DiSc
dominikus at scherkl.de
Mon Aug 26 23:06:39 UTC 2024
On Monday, 26 August 2024 at 18:54:26 UTC, Walter Bright wrote:
> On 8/26/2024 1:33 AM, Richard (Rikki) Andrew Cattermole wrote:
>> This appears to be an interaction between DIP1000 and the fact
>> that ``@trusted`` functions have an interface that is required
>> to be ``@safe`` but not its body validated.
>
> It not only appears to be, it is true that trusted functions
> are not validated.

But their API should be checked. That would actually make
@trusted *functions* (not trusted blocks) much more useful.

That would make for a useful difference between @safe and
@trusted - one is completely checked, for the other only the
parameters and return values are checked.

These checks would make it much more plausible why @safe
functions should be allowed to call @trusted functions but not
@system functions.

Having a (guaranteed) safe interface makes @trusted functions a
whole lot more trustworthy.