On Friday, 25 August 2023 at 21:00:08 UTC, Guillaume Piolat wrote:
The idea is to deliberately mark @system functions that need
special scrutiny to use, regardless of their memory-safety.
Function that would typically be named `assumeXXX`.
```d
class MyEncodedThing
{
Encoding encoding;
/// Unsafe cast of encoding.
void assumeEncoding (Encoding encoding) /* here */ @system
/* here */
{
this.encoding = encoding;
}
}
char* assumeZeroTerminated(char[] str) @system
{
return str.ptr;
}
```
That way, @safe code will still need to manually @trust them.
I think it's smart for `assumeZeroTerminated` because you cannot
use assertions or contracts to verify that.
I'd like to think the same for `assumeEncoding` but actually I
dont see where is the unsafe cast.