On Friday, 6 February 2015 at 17:12:40 UTC, David Nadlinger wrote:
Let's say you have a template function that accepts a range.
For performance, you want to do some of the processing in a way
that is @system, but can be verified to be correct for all
inputs in this specific case. In other words, that piece of
code can be rightfully @trusted. However, marking the whole
function as @trusted would be a mistake, as the primitives of
the range that is your input data might be @system.
Using @trusted blocks (which is what is currently emulated by
the nested functions/lambdas), you can just mark your unsafe
code as @trusted and let the compiler figure out the safety of
the whole function. @safe blocks wouldn't work for this, as
you'd inadvertently require the user-supplied input range to
have @safe/@trusted primitives.
I'm trying to promote suggesting '@system' blocks instead of
'@trusted'. '@trusted' functions, but '@system' blocks - which
can only go in @trusted functions (@system block in @system
functions are redundant). It's the same semantics, but it might
win the day because the intent is to isolate the @system code,
while still presenting a @trusted interface, as seems so
important to the leadership.
