On Wednesday, 8 February 2017 at 15:18:34 UTC, Sönke Ludwig wrote:
The problem is that there are two affected call stacks - the @system API function that registers the @system callback, wrapping/casting it as @trusted, and the event handler that later on actually calls the callback. The latter place is where the hidden violation of the @safe guarantees happens.

Hidden from whom? Since it's user, who supplies @system code to vibe, he knows that the resulting program doesn't provide @safe guarantees.
It can be communicated at the API level:

int f(@safe void delegate() dg) @safe
{ code }
int f(@system void delegate() dg) @system
{ return f(cast(@safe void delegate())dg); }

So that unsafe overload would be only callable from unsafe code.

Reply via email to