On Monday, 9 February 2015 at 14:40:36 UTC, Steven Schveighoffer
wrote:
On 2/7/15 7:11 AM, "Ola Fosheim =?UTF-8?B?R3LDuHN0YWQi?=
<ola.fosheim.grostad+dl...@gmail.com>" wrote:
You are trying to do this:
1. mechanically verify the whole @trusted region
2. manually verify the whole @trusted region, but be sloppy
about it
here an there
3. Ooops, we were sloppy in the wrong spot...
No.
A @trusted function is manually verified, period.
But we also must tag potential points of leakage with @system.
In fact, it probably could be a warning/error if you have a
@trusted function without any @system escapes (it could just be
marked @safe).
That's a nice migration path, btw. First, warn about @trusted
functions without @system blocks and don't enforce @safe-ty
inside them, later disallow them and do enforce @safe-ty in the
others.