On 2/27/2018 4:39 AM, Jonathan M Davis wrote:
Except that that's really not how @trusted is supposed to be used. The
programmer needs to verify that the caller is using a.ptr in a manner that
is actually @safe, because the compiler is not smart enough to determine
that for you. Wrapping it in an @trusted function means that the caller
won't get an error and that the programmer won't necessarily know that they
need to verify the calling code. It's the code that's using ptr that needs
to be verified, not the actual accessing of ptr.
Hiding the access to ptr within an @trusted function goes against that
entire idea of @trusted and makes it easy to use ptr without realizing that
you need to be checking the code that's using it, since you just called a
wrapper function to silence the compiler instead of listening the compiler
and studying the code using ptr to verify its @safety.
Yes, this bears repeating.
