On Friday, 6 February 2015 at 00:04:26 UTC, Walter Bright wrote:
On 2/5/2015 3:43 PM, Dicebot wrote:
The fact that @trusted is contained in small block doesn't
mean rest of @safe
function doesn't need to be reviewed. Only difference is
"review all manually"
vs "review all manually with some help of compiler".
I did a review of all uses of @trusted in std.array:
https://issues.dlang.org/show_bug.cgi?id=14127
About 90% of them resulted in the injection of unsafe code into
safe functions, requiring a safety review of those allegedly
mechanically checkable functions.
Yes, that was intended and not accidental. Again, we were dealing
with limited set of faulty tools. Things got inevitably hacky.
By definition, if an @trusted function presents itself with a
safe interface, the calling code does not have to be reviewed.
And reviewing the interface is a heluva lot easier than the
whole rest of the code.
I know this definition. It have tried it in practice and
concluded as being absolutely useless. There is no way I am going
to return back to this broken concept - better to ignore @safe
completely as misfeature if you insist on doing things that way.
