phobos commit, revision 1534

phobos commit, revision 1534

user: SHOO

msg:
Applying @safe, @system, @trusted.

http://www.dsource.org/projects/phobos/changeset/1534

I think we should exercise extra caution in applying @trusted to templates. For example, without having thought much about it, I suspect many functions and structures in std.algorithm could be used in ways that make them unsafe.

Andrei

On 05/22/2010 06:32 AM, dsource.org wrote:
> phobos commit, revision 1534
>
>
> user: SHOO
>
> msg:
> Applying @safe, @system, @trusted.
>
> http://www.dsource.org/projects/phobos/changeset/1534
>
> _______________________________________________
> phobos mailing list
> phobos at puremagic.com
> http://lists.puremagic.com/mailman/listinfo/phobos

Do you mean that don't mark @trusted without thought, and should mark @system if it have any risk? (For example, precision loss for cast, or pointer operation)

Andrei Alexandrescu ????????:
> I think we should exercise extra caution in applying @trusted to templates. For example, without having thought much about it, I suspect many functions and structures in std.algorithm could be used in ways that make them unsafe.
> 
> Andrei
> 

On 05/22/2010 12:58 PM, SHOO wrote:
> Do you mean that don't mark @trusted without thought, and should mark @system if it have any risk? (For example, precision loss for cast, or pointer operation)

Yes. Essentially @trusted from a client's perspective is just like @safe. When in doubt, err on the side of @system, not @trusted.

The classic model of safe programming is Java's - class-based, garbage-collected, no true templates. We all need to think a lot on how that translates to template functions.

Andrei

Forums