On 2/5/15 3:13 PM, Walter Bright wrote:
On 2/5/2015 11:49 AM, Andrei Alexandrescu wrote:
As much as I was shocked about the use of @trusted/@safe/@system in
std.file,
std.array and sadly possibly in other places, I found no evidence that
the
feature is misdesigned. I continue to consider it a simple, sound, and
very
effective method of building and interfacing robust code. An excellent
engineering solution that offers a lot of power at a modest cost.
I do not support this proposal to change the semantics of
@trusted/@safe/@system.
I agree.
So the question is, what does @trusted actually buy you, since the
compiler can't check it?
It serves as notice that "This function merits special attention during
code review to check that it has a safe interface and that its
implementation is correct."
That also applies to @safe functions since they can call @trusted
functions. In essense, @trusted buys you headaches. I think we should
try to lessen them.
-Steve
