On Tuesday, 26 May 2020 at 02:04:02 UTC, Johannes Loher wrote:
According to your argument of „convenience“, the developer will probably just mark the function incorrectly as @trusted which makes the code compile. The memory corruption will happen. However, even if the developer did not think much about potential safety issues when adding @trusted to the function, he now still remembers that he did that (it was a conscious decision, even if it was a careless and lazy one). He has a clear point to start looking for the reason of the memory corruption.
Or he'll do the right thing, and keep the function @system but call it from a @trusted block. Then when he's stuck debugging, he can show it to his experienced buddy and his experienced buddy will instantly look in the @trusted block because it's suspicious.
