On Wednesday, 8 February 2017 at 15:18:34 UTC, Sönke Ludwig wrote:
The problem is that there are two affected call stacks - the
@system API function that registers the @system callback,
wrapping/casting it as @trusted, and the event handler that
later on actually calls the callback. The latter place is where
the hidden violation of the @safe guarantees happens.
Hidden from whom? Since it's user, who supplies @system code to
vibe, he knows that the resulting program doesn't provide @safe
guarantees.
It can be communicated at the API level:
int f(@safe void delegate() dg) @safe
{ code }
int f(@system void delegate() dg) @system
{ return f(cast(@safe void delegate())dg); }
So that unsafe overload would be only callable from unsafe code.
