On 2/5/15 2:49 PM, Andrei Alexandrescu wrote:
> On 2/5/15 11:17 AM, H. S. Teoh via Digitalmars-d wrote:
>> In short, my proposal is:
>
> Tainted variables are an interesting topic, but quite distinct from the
> notion of separating safe code from unsafe code.
>
> As much as I was shocked about the use of @trusted/@safe/@system in
> std.file, std.array and sadly possibly in other places, I found no
> evidence that the feature is misdesigned. I continue to consider it a
> simple, sound, and very effective method of building and interfacing
> robust code. An excellent engineering solution that offers a lot of
> power at a modest cost.
>
> I do not support this proposal to change the semantics of
> @trusted/@safe/@system. A separate tainted data proposal might be of
> interest for loosely related topics.
The proposal (the original one I stated, not H.S.'s) is to do 2 things:

1. Clean up the syntax for @trusted escapes inside @safe code that we
have settled on.
2. Add a mechanism to make those escapes safer and more reviewable.

I don't think the idea behind @trusted is incorrect, just that the idea
it's a function attribute is mis-designed.

Note that in my proposal, you can essentially create a @trusted function
just by marking the whole thing @trusted:

-Steve
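An added example in D (not code from this thread, from Phobos, or from Steve's proposal, whose syntax the message does not show) illustrating the point under discussion: the immediately-invoked `() @trusted { ... }()` lambda idiom that D code uses for an escape inside a `@safe` function, beside the same routine marked `@trusted` as a whole. The function names and the sample input are my own; the narrower form keeps the bounds check under the compiler's `@safe` checking and leaves a reviewer one small block to audit.

```d
import std.exception : enforce, assertThrown;

// Narrow escape: the function stays @safe, so the compiler still checks
// everything outside the lambda. Only the immediately-invoked @trusted
// lambda is exempt, and that block is the whole review surface.
int sumFirstN(const(int)[] data, size_t n) @safe
{
    enforce(n <= data.length, "n exceeds slice length"); // still under @safe rules
    return () @trusted {
        // Raw pointer indexing is @system; it is sound only because of the
        // enforce() above, which is why the trusted region must stay this small.
        const(int)* p = data.ptr;
        int s = 0;
        foreach (i; 0 .. n)
            s += p[i];
        return s;
    }();
}

// Whole-function escape: marking the entire function @trusted switches off
// @safe checking for every line in it, including the bounds check, so a
// later edit that drops or weakens enforce() is no longer caught by the
// compiler and the reviewer must re-audit the full body.
int sumFirstNTrusted(const(int)[] data, size_t n) @trusted
{
    enforce(n <= data.length, "n exceeds slice length");
    const(int)* p = data.ptr;
    int s = 0;
    foreach (i; 0 .. n)
        s += p[i];
    return s;
}

@safe unittest
{
    // Constructed sample input.
    const(int)[] data = [1, 2, 3, 4, 5];
    assert(sumFirstN(data, 3) == 6);
    assert(sumFirstNTrusted(data, 3) == 6);
    // An out-of-range n is rejected by enforce(), not turned into an overread.
    assertThrown(sumFirstN(data, 10));
    assertThrown(sumFirstNTrusted(data, 10));
}
```

Compile with `dmd -unittest -main` to run the checks; deleting the `enforce` line in `sumFirstN` does not change the fact that the compiler still verifies every statement outside the lambda, whereas in `sumFirstNTrusted` nothing outside review would notice.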