On Monday, April 27, 2020 9:52:32 AM MDT drug via Digitalmars-d-learn wrote:
> 27.04.2020 18:28, data pulverizer wrote:
> > I'm probably not the first person to say this but. Isn't @trusted an odd
> > label to give unsafe functions and open to abuse by unscrupulous
> > programmers? It almost says "nothing to see, this here piece of code is
> > a-ok". Shouldn't it be explicitly labelled as @unsafe?
>
> It says "this piece of code is verified by its author manually so you
> (the compiler) can trust it is @safe"

Exactly. @trusted isn't about marking something as not being memory safe. The compiler already treats anything as not being memory safe if it can't verify that it's memory safe. It's about the programmer telling the compiler that they've verified that it's memory safe even though the compiler couldn't. The code that neither the programmer nor the compiler has verified to be memory safe is @system. So, if we had the attribute @unsafe, it would have been instead of @system, not @trusted.

And ultimately, @trusted is not about telling anyone that there's "nothing to see." If anything, it's the opposite. @trusted code is the primary place that has to be examined when you have a memory bug in your code (or think that you have one). Barring bugs in the compiler, it should not be possible for @safe code to do anything that's memory unsafe, so when looking for memory safety bugs, it's the @trusted code that has to be examined to make sure that it actually is memory safe and that the programmer didn't use @trusted correctly.

- Jonathan M Davis
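
The three attributes discussed in this thread, shown side by side as an added example that is not part of the original messages. The function names `rawCopy`, `checkedCopy` and `demo` are hypothetical; the point is that the length check inside the @trusted function is the manually verified part an auditor reads first.

```d
import core.stdc.string : memcpy;

// @system: neither the compiler nor the programmer vouches for this.
// The caller must guarantee dst and src each hold at least n bytes.
@system void rawCopy(ubyte* dst, const(ubyte)* src, size_t n)
{
    memcpy(dst, src, n);
}

// @trusted: the author claims memory safety for every possible argument,
// even though the compiler cannot check the pointer use below. The length
// check is what makes that claim true; remove it and @safe callers can
// overflow dst without the compiler noticing.
@trusted bool checkedCopy(ubyte[] dst, const(ubyte)[] src)
{
    if (src.length > dst.length)
        return false;               // refuse instead of writing past dst
    rawCopy(dst.ptr, src.ptr, src.length);
    return true;
}

// @safe: mechanically checked by the compiler. A direct call to rawCopy
// from here is rejected at compile time; only @safe and @trusted
// functions may be called.
@safe bool demo()
{
    auto small = new ubyte[4];
    ubyte[] big = [1, 2, 3, 4, 5, 6, 7, 8];   // constructed sample data
    ubyte[] expected = [1, 2, 3, 4];

    bool rejected = !checkedCopy(small, big);          // 8 bytes into 4
    bool accepted = checkedCopy(small, big[0 .. 4]);   // fits
    return rejected && accepted && small == expected;
}

void main()
{
    assert(demo());
}
```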