On 2/5/15 2:43 PM, H. S. Teoh via Digitalmars-d wrote:
> The idea is that while we would like the compiler to mechanically verify *everything*, in practice there are some things that the compiler simply cannot verify. Since those remaining things require human effort to verify and humans are prone to errors, we would like to limit the scope of those things by confining them inside @trusted functions, which, ideally, would be few in number and limited in scope. Everything else should be relegated to @safe functions, where we *require* completely automated verification by the compiler.
What's the difference between an internal scope and a separate function scope? That is, a static internal function can simply be a private module function and have the same effect.
I don't see how your proposal is more safe than mine, or that somehow I can expect a @safe function never to have manually verified code that it uses.
-Steve
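
The two forms the reply compares, as an added example that is not part of the original posts or the D project's own code: a `@trusted` helper written as a private module function, and the same helper written as a static nested function, each called from `@safe` code. All function names are hypothetical; in both forms the compiler checks the `@safe` bodies and accepts the `@trusted` body unchecked.

```d
import core.stdc.string : memcpy;

// Form A: the manually verified code is a private module-level function.
// memcpy is @system, so the compiler rejects a direct call from @safe code;
// @trusted tells it to accept this body on the author's word.
private void copyTrusted(ubyte[] dst, const(ubyte)[] src) @trusted
{
    // Clamp to the shorter slice so no caller can cause an overrun.
    const n = src.length < dst.length ? src.length : dst.length;
    memcpy(dst.ptr, src.ptr, n);
}

void fillA(ubyte[] dst, const(ubyte)[] src) @safe
{
    copyTrusted(dst, src); // this body is fully compiler-checked
}

// Form B: the same helper as a static nested function (hypothetical names).
void fillB(ubyte[] dst, const(ubyte)[] src) @safe
{
    static void copyNested(ubyte[] d, const(ubyte)[] s) @trusted
    {
        const n = s.length < d.length ? s.length : d.length;
        memcpy(d.ptr, s.ptr, n);
    }
    copyNested(dst, src);
}

void main() @safe
{
    const(ubyte)[] src = [1, 2, 3, 4, 5, 6]; // constructed sample input
    ubyte[] expected = [1, 2, 3, 4];
    auto a = new ubyte[4];
    auto b = new ubyte[4];
    fillA(a, src);
    fillB(b, src);
    assert(a == expected && b == expected);
}
```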