On Friday, 6 February 2015 at 17:36:27 UTC, Atila Neves wrote:
I'm trying to promote suggesting '@system' blocks instead of
'@trusted'. '@trusted' functions, but '@system' blocks - which
can only go in @trusted functions (@system block in @system
functions are redundant). It's the same semantics, but it
might win the day because the intent is to isolate the @system
code, while still presenting a @trusted interface, as seems so
important to the leadership.
That might be better than using @safe inside @trusted:
@trusted void myfunc() {
//implicitly safe
...
@system { //wouldn't compile otherwise.
auto ptr = cast(ubyte*)4;
}
//implicitly safe again
}
Exactly. I think this addresses the concerns. If I read Walter's
OP correctly, it's precisely the use of the word '@trusted' that
he opposes, unless it's built into an interface like a function
signature. Also, a @system block could be one statement long, if
I'm not mistaken, in which case the above could look like:
@trusted void myfunc() {
//implicitly safe
...
@system auto ptr = cast(ubyte*)4;
//implicitly safe again
}
