On Monday, 9 February 2015 at 10:16:48 UTC, Walter Bright wrote:
On 2/9/2015 1:36 AM, Dicebot wrote:
string toUpper(string s) @safe
{
char[] r = new char[s.length];
foreach (i, c; s)
r[i] = toUpper(c);
return cast(string)r; // <== unsafe operation
}
Shouldn't that be `return assumeUnique(r)` instead?
assumeUnique does a little more than assume the argument is
unique - it also casts it, which is not a necessary consequence
of holding a unique reference. For the purpose of this article,
I'd rather have the unsafe cast be explicit rather than a side
effect.
What I have meant is that here cast is only safe under assumption
that casted slice is unique (has not other referenced).
`assumeUnique` is supposed to exactly communicate that to the
reader in most idiomatic manner. It would be still inferred as
@system here so rules won't be compromised.
Introducing the 'trusted' template to be put in std.conv:
@trusted auto trusted(alias fun)() { return fun(); }
Is this guaranteed to be inlined in frontend?
pragma(inline, true) is not available yet!
And this is exactly why I am asking ;) Wide usage of this idiom
before inlining is guaranteed may result in performance
regressions.
Shouldn't it better be called `system` to denote operation is
not actually trusted?
Andrei had the idea that one could simply grep the code for
'trusted' and thereby flag the code (trusted and @trusted) that
merits special attention. I agreed it was a good idea.
Fine by me.
