On Sunday, 13 April 2014 at 01:30:59 UTC, Nick Sabalausky wrote:
> // Note, I meant for trustedWrapperWhatever to be private
> // and placed together with doStuff. Obviously not a public
> // func provided by foo's author.
> @trusted private auto trustedWrapperFoo(...) {...}
Still accessible by other functions in the same module unless you
keep each @trusted function in its own module.
> ----------------------------------
> Then how could this possibly be any better?:
> ----------------------------------
> @system auto foo() {...}
> @trusted void doStuff() {
> ...stuff...
> foo();
> ...stuff...
> }
> ----------------------------------
> The former contains extra safety checks (i.e., for everything in
> "...stuff...") that the latter does not. The former is
> therefore better.
Because @system does not give any guarantees. It is expected by
the type system that calling such a function can do anything horrible.
@trusted, however, is expected to be 100% equivalent to @safe,
with the only exception that its safety can't be verified by
the compiler. Any @trusted function, from the type system's point of
view, can be used in any context where @safe can be used.
It is your personal responsibility as a programmer to verify 100%
safety of each @trusted function you write, otherwise anything
can go wrong and the writer will be the only one to blame.
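
The two wrapper styles discussed in this post, as an added D example that is not code from the thread. The module name, the signature and body given to `foo`, and `leakyWrapperFoo` are hypothetical; only the names `foo`, `trustedWrapperFoo` and `doStuff` come from the discussion.

```d
module trusted_demo; // hypothetical module name

// Stand-in for the thread's foo(): @system, so the compiler assumes nothing.
@system int foo(const(int)* p, size_t i) { return p[i]; }

// Leaky wrapper: compiles, but it is only memory-safe if every caller
// passes a valid p and an in-range i. `private` is module-wide in D, so
// any @safe function in this module may call it with bad arguments.
@trusted private int leakyWrapperFoo(const(int)* p, size_t i) {
    return foo(p, i);
}

// Sound wrapper: safe for every possible argument, which is what
// @trusted promises to its @safe callers.
@trusted private int trustedWrapperFoo(const(int)[] a, size_t i) {
    if (i >= a.length) return 0;   // reject an out-of-range index
    return foo(a.ptr, i);
}

// The "former" style: the body is @safe, so "...stuff..." stays checked.
@safe int doStuff(const(int)[] data) {
    int total = 0;
    foreach (i; 0 .. data.length)
        total += trustedWrapperFoo(data, i);
    return total;
}

// Operations the compiler rejects inside @safe code, but would accept
// silently if doStuff as a whole were marked @trusted:
static assert(!__traits(compiles, () @safe { int x; return foo(&x, 0); }));
static assert(!__traits(compiles, () @safe { int[] a; auto p = a.ptr + 1; }));

// The leaky wrapper is callable from @safe code with arguments it cannot
// handle; the compiler accepts the call because @trusted vouched for it.
static assert(__traits(compiles, () @safe { return leakyWrapperFoo(null, 5); }));

void main() {
    assert(doStuff([1, 2, 3]) == 6);
}
```

When reviewing a module, each `@trusted` signature should be checked against every argument a `@safe` caller in the same module could legally pass, not only the arguments the intended caller uses.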