On Monday, 1 September 2014 at 18:29:32 UTC, Daniel Murphy wrote:
"monarch_dodra" wrote in message news:[email protected]...

I meant it mostly in that the proposal to mark the entire function as @trusted isn't even *applicable* to template functions.

That isn't what I was proposing. Using a trusted nested or lambda function is fine, but it should not be possible to violate @safe by changing only the enclosing function.

E.g. making a trustedMemcpy is just as much a violation of @safe as marking the actual memcpy as @safe. It still relies on the calling function being manually verified not to call it incorrectly. If your calling function needs to be manually verified, it should be @trusted. If it can't be manually verified, it should be @system.

The idea is that you move not only the actual unsafe operation into the @trusted lambda but also any additional context that makes it effectively @safe, separating it from the rest of the function.

It is not that trivial to spot, though, so some mistakes are inevitable.

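The contrast discussed in this message, as an added example that is not part of the original thread: a leaky `trustedMemcpy` wrapper next to a @trusted lambda that carries its own safety context. `copyBytes` is a hypothetical name, and `memmove` is used instead of `memcpy` so that overlapping slices are also safe.

```d
import core.stdc.string : memcpy, memmove;

// Leaky wrapper: the @trusted attribute promises memory safety for *any*
// arguments, yet nothing here can check that dst and src really span n bytes.
// Every @safe caller now has to be verified by hand.
void* trustedMemcpy(void* dst, const(void)* src, size_t n) @trusted
{
    return memcpy(dst, src, n);
}

// Hypothetical helper: the lambda receives slices, so the lengths that make
// the copy safe travel with the pointers and are checked inside the
// @trusted code itself, not in the enclosing function.
size_t copyBytes(ubyte[] dst, const(ubyte)[] src) @safe
{
    return (ubyte[] d, const(ubyte)[] s) @trusted {
        size_t n = s.length < d.length ? s.length : d.length;
        // Empty slices may have a null .ptr, so skip the call entirely.
        if (n != 0) memmove(d.ptr, s.ptr, n);
        return n;
    }(dst, src);
}

void main() @safe
{
    auto small = new ubyte[4];   // constructed sample buffers
    auto big = new ubyte[16];
    big[] = 0xAB;

    // Editing this @safe function cannot make the lambda write out of
    // bounds: whatever slices are passed, the copy is clamped.
    assert(copyBytes(small, big) == 4);
    assert(small[3] == 0xAB);

    // By contrast, the compiler accepts this call in @safe code although it
    // would write 16 bytes into a 4-byte buffer:
    // trustedMemcpy(&small[0], &big[0], big.length);
}
```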