On Friday, 25 August 2023 at 21:00:08 UTC, Guillaume Piolat wrote:
The idea is to deliberately mark @system functions that need special scrutiny to use, regardless of their memory-safety. Function that would typically be named `assumeXXX`.```d class MyEncodedThing { Encoding encoding; /// Unsafe cast of encoding.void assumeEncoding (Encoding encoding) /* here */ @system /* here */{ this.encoding = encoding; } } char* assumeZeroTerminated(char[] str) @system { return str.ptr; } ``` That way, @safe code will still need to manually @trust them.
I think it's smart for `assumeZeroTerminated` because you cannot use assertions or contracts to verify that.
I'd like to think the same for `assumeEncoding` but actually I dont see where is the unsafe cast.
