On Monday, 22 October 2018 at 11:24:27 UTC, Dukc wrote:
Frankly, this does not sound credible. According to this rationale, array access should be @system too, because it relies on the array not giving direct access to its length to the user, which would also in itself be @safe.
Arrays are a language builtin. As far as I'm aware, there isn't actually an struct defined in DRuntime for arrays. But maybe I'm wrong. If there is, and if it uses a plain size_t for the length member, then it is breaking the strong @trusted promise, yes.
But having existing exceptions to the rule doesn't mean that the rule is void. We could identify the existing exceptions as bugs and try to fix them. Or we could say that they're a necessary evil, but we don't want to add more evil.
On the other hand, D could of course embrace a weaker @trusted/@safe. That would be up to Walter and Andrei, I guess. As far as I can tell from the other `shared` thread, Walter currently favors a strong @trusted.
