On 2/9/15 10:13 AM, "Marc =?UTF-8?B?U2Now7x0eiI=?= <schue...@gmx.net>"
wrote:
On Monday, 9 February 2015 at 14:40:36 UTC, Steven Schveighoffer wrote:
On 2/7/15 7:11 AM, "Ola Fosheim =?UTF-8?B?R3LDuHN0YWQi?=
<ola.fosheim.grostad+dl...@gmail.com>" wrote:
You are trying to do this:
1. mechanically verify the whole @trusted region
2. manually verify the whole @trusted region, but be sloppy about it
here an there
3. Ooops, we were sloppy in the wrong spot...
No.
A @trusted function is manually verified, period.
But we also must tag potential points of leakage with @system. In
fact, it probably could be a warning/error if you have a @trusted
function without any @system escapes (it could just be marked @safe).
That's a nice migration path, btw. First, warn about @trusted functions
without @system blocks and don't enforce @safe-ty inside them, later
disallow them and do enforce @safe-ty in the others.
Yes, that solves the problem of breaking code with this... Nice idea.
-Steve
