On 2/5/2015 3:43 PM, Dicebot wrote:
> The fact that @trusted is contained in small block doesn't mean rest of @safe
> function doesn't need to be reviewed. Only difference is "review all manually"
> vs "review all manually with some help of compiler".

I did a review of all uses of @trusted in std.array:

  https://issues.dlang.org/show_bug.cgi?id=14127

About 90% of them resulted in the injection of unsafe code into safe functions, requiring a safety review of those allegedly mechanically checkable functions.

This is an abject failure of the technique of using @trusted as an escape rather than as encapsulation.

By definition, if an @trusted function presents itself with a safe interface, the calling code does not have to be reviewed. And reviewing the interface is a helluva lot easier than the whole rest of the code.

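The two patterns contrasted in the post, as an added example in D. This is illustration code written for this page, not code from the post, from Dicebot, or from std.array; the function names (sumEscape, sumEncapsulated, elemUnchecked, total) are hypothetical.

```d
// Added example (not from the post or from std.array). Contrasts @trusted
// used as an escape hatch inside a @safe function with @trusted used as an
// encapsulation boundary that presents a safe interface.
import std.stdio;

// Pattern 1: @trusted as an escape. The compiler accepts this function as
// @safe, but the trusted lambdas hand raw pointer access to the surrounding
// code, so whether p[i] is in bounds depends on @safe code the compiler can
// no longer vouch for. The whole body needs a manual review.
int sumEscape(int[] a) @safe
{
    int* p = (() @trusted => a.ptr)();  // escape: raw pointer leaks into @safe code
    int s = 0;
    foreach (i; 0 .. a.length)          // reviewer must confirm i stays < a.length
        s += (() @trusted => p[i])();   // escape: unchecked read, correctness is not local
    return s;
}

// Also an escape, even though it is a named function: the interface is not
// safe. Any @safe caller can pass an index past the allocation, so every
// call site has to be reviewed, not just this body.
int elemUnchecked(const(int)* p, size_t i) @trusted
{
    return p[i];
}

// Pattern 2: @trusted as encapsulation. The parameter is a slice, which
// carries its own length, so no argument a @safe caller can supply makes
// this function read out of bounds. Only this body needs review; the
// interface is safe by construction.
int sumEncapsulated(const(int)[] a) @trusted
{
    int s = 0;
    const(int)* p = a.ptr;
    const(int)* end = p + a.length;     // bound comes from the slice itself
    for (; p < end; ++p)
        s += *p;
    return s;
}

// Caller stays @safe and needs no review: it cannot misuse sumEncapsulated.
int total(const(int)[] a) @safe
{
    return sumEncapsulated(a);
}

void main()
{
    int[] xs = [1, 2, 3, 4];            // constructed sample input
    writeln(sumEscape(xs));             // correct here, but only a review of sumEscape proves it
    writeln(total(xs));                 // correct for any slice; only sumEncapsulated was reviewed
}
```

The review cost is what differs. With sumEncapsulated the reviewer checks one body against one interface and is done; with sumEscape (or elemUnchecked) the @trusted marker is on a few lines, but the argument that the read is in bounds lives in @safe code, so the reviewer must read all of it, which is the situation the post describes in std.array.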