On 11/25/16 5:14 AM, Satoshi wrote:
Simply, it should be replaced by:

void safeFunc() @safe {
    unsafe {
        auto vi = doUnsafeCall();
    }
}

@trusted functions are prohibited by d-idiom (so I don't know why they are
still in D).

No, they are not. @trusted escapes are for use when you can reasonably write most of the code with @safe (and get the benefits of the compiler checking safety for you). If you can't reasonably do that, you mark the whole function @trusted.

So, when I need to create a simple window with OpenGL context I need to
write about 10-15 calls to system functions. But D-idiom[1] for @trusted
tells me to make @trusted functions as small as possible. OK, it makes
sense.

But writing 20 times something like:
auto vi = (() @trusted => glXChooseXFBConfig(...))();

or:
auto vi = () @trusted { return glXChooseXFBConfig(...); }();

is annoying and just forced me to mark whole class with @trusted...

Marking the whole class as @trusted is fine. "As small as possible" might mean you have to mark the whole thing as @trusted, because no code can be reasonably marked @safe.

Without seeing your function, I can't say what the best marking should be, so maybe it does make sense to add all those trusted escapes. It's also possible to simply have an inner function marked @trusted, that does the same thing, but is less verbose.

The idea behind @trusted is to mark code as "this needs to be manually checked by hand". Any time you have @safe code, but your @trusted escapes mean that the @safe code also needs to be checked, you have mismarked it.

-Steve
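
An added example, not part of the original message: a nested @trusted function used in place of a lambda at each call site, next to a mismarked escape that leaves the @safe caller in need of review. memcpy stands in for the @system C calls discussed in the thread, and the names copyMismarked, fillHeader and put are hypothetical.

```d
// Added example, not code from the thread. memcpy from core.stdc.string
// stands in for the @system C calls under discussion (assumption).
import core.stdc.string : memcpy;
import std.exception : enforce;

// Mismarked: the escape trusts a length chosen by the @safe caller, so a bad
// `n` corrupts memory and the surrounding @safe code must be audited too.
void copyMismarked(ubyte[] dst, const(ubyte)[] src, size_t n) @safe
{
    () @trusted { memcpy(dst.ptr, src.ptr, n); }();
}

// Correctly marked: one nested @trusted function, reused for every call.
// It validates its own arguments, so only its body needs manual review.
void fillHeader(ubyte[] packet, const(ubyte)[] magic, const(ubyte)[] id) @safe
{
    static void put(ubyte[] d, const(ubyte)[] s) @trusted
    {
        enforce(s.length <= d.length, "source does not fit in destination");
        if (s.length) memcpy(d.ptr, s.ptr, s.length);
    }

    enforce(packet.length >= magic.length, "packet shorter than magic");
    put(packet, magic);                   // no lambda boilerplate per call
    put(packet[magic.length .. $], id);   // slicing is bounds-checked in @safe code
}

void main() @safe
{
    auto packet = new ubyte[8];
    immutable ubyte[] magic = [0xCA, 0xFE];   // constructed sample data
    immutable ubyte[] id = [1, 2, 3];
    fillHeader(packet, magic, id);
    assert(packet == [0xCA, 0xFE, 1, 2, 3, 0, 0, 0]);
}
```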
