On 2/6/15 4:36 PM, "Ola Fosheim Grøstad"
<ola.fosheim.grostad+dl...@gmail.com> wrote:
> On Friday, 6 February 2015 at 20:13:18 UTC, Steven Schveighoffer wrote:
>> In the proposal, @trusted code is actually considered the same as
>> @safe, but allows @system escapes.
>
> But that can't work:
>
> @trusted_is_safe {
>     auto tmp = get_hardware_config();
>     @system{
>         mess_up_hardware_config();
>     }
>     // now this unsafe call is called in a @safe context, but is unsafe...
>     // DMD does not catch this, so "@trusted_is_safe" is broken
>     call_safe_code_that_now_is_messed_up();
>     @system{
>         restore_hardware_config(tmp);
>     }
> }

The idea is that @trusted code still has to be reviewed for memory
issues, but is mechanically checked for most of the function for obvious
@safe violations. It limits to a degree the scrutiny one must apply to
the @trusted function.
Remember, the whole point of a @trusted function is that it's manually
verified.
-Steve
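
Added example, not part of the original thread: the split between mechanically checked code and manually reviewed escapes discussed above, written in existing D. The proposal's `@system { }` block is not real D syntax, so an immediately called `@trusted` lambda stands in for it; `sumViaCBuffer` is a hypothetical helper made up for this illustration.

```d
import core.stdc.stdlib : malloc, free;

// Hypothetical helper: sums a copy of `src` held in a malloc'd buffer.
int sumViaCBuffer(const(int)[] src) @safe
{
    if (src.length == 0)
        return 0;

    // Escape 1: raw allocation and pointer slicing. The compiler cannot
    // check this, so a reviewer must confirm the slice length matches
    // the allocation size.
    int[] buf = () @trusted {
        auto p = cast(int*) malloc(src.length * int.sizeof);
        return p is null ? null : p[0 .. src.length];
    }();
    if (buf is null)
        return 0; // allocation failed (kept simple for the example)

    // Escape 2: release the buffer when the function exits.
    scope (exit) () @trusted { free(buf.ptr); }();

    // Everything below is mechanically checked as @safe.
    buf[] = src[]; // slice copy, lengths verified at run time
    int total = 0;
    foreach (v; buf)
        total += v;

    // int* q = buf.ptr + 1; // rejected here: not allowed in @safe code
    return total;
}

void main() @safe
{
    assert(sumViaCBuffer([1, 2, 3]) == 6);
    assert(sumViaCBuffer(null) == 0);
}
```

The checked lines between the two escapes are only memory-safe as long as `buf` stays valid until the `free`, which the compiler does not verify; that dependency is what a manual review of the whole function has to cover.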