On 2/6/15 3:02 PM, "Ola Fosheim =?UTF-8?B?R3LDuHN0YWQi?=
<ola.fosheim.grostad+dl...@gmail.com>" wrote:
On Friday, 6 February 2015 at 18:51:34 UTC, Steven Schveighoffer wrote:
I see the point now that making sure @safe functions don't have
escapes has the advantage of not requiring *as much* review as a
@system or @trusted function. I am leaning so much towards H.S. Teoh's
solution of making @trusted safe by default, and allowing escapes into
@system code. That seems like the right abstraction.
Just to make sure that I got this right:
I don't really understand why you need to escape to @system from
@trusted. Isn't @trusted the same as @system but with a seal that says
that it has been manually verified to be memory safe? @system simply
allows the same internal semantics as @trusted but with no such declared
guarantee to the caller?
In the proposal, @trusted code is actually considered the same as @safe,
but allows @system escapes.
I don't have any time to read your further points, but I will catch up
with them later, sorry!
-Steve