On Sunday, 21 October 2018 at 22:03:00 UTC, ag0aep6g wrote:
The @trusted contract says that an @trusted function must be
safe when called from an @safe function. That calling @safe
function might be located in the same module, meaning it might
have the same level of access as the @trusted function.
That means, Atomic.incr is invalid. It's invalid whether
Atomic.badboy exists or not. It's invalid because we can even
possibly write an Atomic.badboy. That's my interpretation of
the spec, at least.
Frankly, this does not sound credible. According to this
rationale, array access should be @system too, because it relies
on the array not giving direct access to its length to the user,
which would also in itself be @safe.
