On Fri, Jul 27, 2012 at 5:08 PM, David Nadlinger <[email protected]> wrote: > 2) The first step is necessary, but mainly of cosmetic nature (think > `pure`, `pure2`). We still need to address for the granularity and attribute > inference problem. The obvious solution is to add a "@trusted" > declaration/block, which would allow unsafe code in a certain region. > Putting @trusted in the function header would still be allowed for backwards > compatibility (but discouraged), and would have the same effect as marking > the function @safe and wrapping its whole body in a @trusted block. It could > e.g. look something like this (the @ prefix definitely looks weird, but I > didn't want to introduce a new keyword): >
Agreed. This is very similar to how Rust works. In Rust all the functions are assumed to be @safe. Unsafe code can only be performed in clearly marked blocks. Note: I am not suggesting D should implement Rust's solution as David already pointed out. -Jose
