On 2/5/2015 11:49 AM, Andrei Alexandrescu wrote:
As much as I was shocked about the use of @trusted/@safe/@system in std.file,
std.array and sadly possibly in other places, I found no evidence that the
feature is misdesigned. I continue to consider it a simple, sound, and very
effective method of building and interfacing robust code. An excellent
engineering solution that offers a lot of power at a modest cost.
I do not support this proposal to change the semantics of
@trusted/@safe/@system.
I agree.
So the question is, what does @trusted actually buy you, since the compiler
can't check it?
It serves as notice that "This function merits special attention during code
review to check that it has a safe interface and that its implementation is
correct."
