On Friday, 11 April 2014 at 14:06:33 UTC, Daniel Murphy wrote:
Trying to prevent developer stupidity is a lost cause.
Bounds checks are on by default. They are even on when you ask
for 'fast-over-safe' aka -release. They get turned off when
you explicitly ask for it.
But there is a cost, even to labeling the "one inner" function
@trusted. Perhaps that function is extremely long and complex.
There should be a way to say, "I still want all the @safety
checks, except for this one critical array access, I have
manually guaranteed the bounds". We don't have anything like
that. All other safety checks are really static, this is the
only runtime penalty for safety.
Something like (() @trusted => arr.ptr[index]) should do the
trick.
The blunt flag approach is scary. @trusted is better, in that
you can focus on one function at a time. But I think we need
something more precise. Perhaps you should be able to have
@trusted scopes, or @trusted expressions.
@trusted delegates get you 99.99% of the way there.
Hasn't there been a proposal before to allow
@system/@trusted/@safe blocks, allowing it to be a bit more
granular than at the function level? Maybe:
@trusted
{
arr.ptr[index]
}
Could be lowered to (() @trusted => arr.ptr[index]).
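As an added example (not code from the thread's participants), here is the `(() @trusted => arr.ptr[index])` idiom discussed above in a complete program: the enclosing functions stay @safe and keep every other check, and only the one pointer access whose bounds were established by hand is wrapped in an immediately-called @trusted delegate literal. The helper names `uncheckedAt` and `sumEveryKth` and the sample array are assumptions made for the illustration.

```d
// Added example, not from the original forum thread.
// Shows a @trusted delegate expression dropping the bounds check on a
// single array access while the surrounding function remains @safe.
import std.stdio;
import core.exception : RangeError;

/// Reads arr[i] without the compiler-inserted bounds check, after one
/// explicit check. The function is @safe; only the pointer access is
/// inside the @trusted lambda. (Hypothetical helper name.)
int uncheckedAt(const(int)[] arr, size_t i) @safe
{
    assert(i < arr.length, "index out of range"); // manual guarantee
    return (() @trusted => arr.ptr[i])();
}

/// Sums every k-th element. The loop condition guarantees i < arr.length,
/// so each access goes through the @trusted expression instead of the
/// checked arr[i]. (Hypothetical helper name.)
long sumEveryKth(const(int)[] arr, size_t k) @safe
{
    assert(k > 0, "stride must be positive");
    long total = 0;
    for (size_t i = 0; i < arr.length; i += k)
        total += (() @trusted => arr.ptr[i])();
    return total;
}

// main is left @system only so that it may catch RangeError (an Error);
// @safe code may only catch Exception-derived types.
void main()
{
    // Constructed sample input.
    int[] data = [10, 20, 30, 40, 50, 60];

    writeln(sumEveryKth(data, 2)); // 10 + 30 + 50 = 90
    writeln(uncheckedAt(data, 5)); // 60

    // Plain indexing in @safe code keeps its bounds check: an
    // out-of-range index raises RangeError instead of reading past
    // the end of the array.
    try
    {
        int x = data[data.length]; // one past the end
        writeln(x);
    }
    catch (RangeError e)
    {
        writeln("bounds check caught the out-of-range access");
    }
}
```

The delegate literal is created and called in place, so with optimisation it compiles down to the raw pointer load; the manual `assert` (or a loop condition that already bounds the index) is what keeps the @trusted claim honest, and it should be checked separately from the access so that a later edit cannot silently remove the guarantee.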