On Sat, May 23, 2020 at 10:55:40AM +0000, Dukc via Digitalmars-d-announce wrote: [...] > When I look my own code that uses the Nuklear GUI library, written in > C, it's all `@system`. I have not had the time to make `@trusted` > wrappers over the BindBC-nuklear API, so I did what tends to occur to > us as the next best thing: resign and make the whole client code > `@system`. Just making `@trusted` wrappers over BindBC-nuklear seemed > to me as inresponsible use of the attribute. And reading this theard, > it would seem like most of you would agree. > > But when I think it, what I have accomplised from avoiding that > antipattern? The only difference is, that if my D code does something > `@system`, it'll remain under the radar. So I'm worse off than had I > submitted to the antipattern! [...]
And this is precisely why I proposed that what we need is a way for the compiler to mechanically check all code *except* certain specified blackboxes that are skipped over. Then you can have your calls to unvetted C functions and still have the mechanical checks enabled for the rest of your code. This is also related to @trusted blocks inside a function, the intention of which is to limit the @system code to as small a surface area as possible while enabling @safe checks for the rest of the function. T -- Gone Chopin. Bach in a minuet.