[Issue 14125] std.file has gotten out of hand

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed Feb 4 17:49:28 PST 2015


https://issues.dlang.org/show_bug.cgi?id=14125

--- Comment #29 from hsteoh at quickfur.ath.cx ---
One idea that occurred to me (though it may be a bit too late to implement) is
that @trusted functions remain under @safe requirements except for @system
blocks within the function body, e.g.:

-----
// This is hypothetical syntax, the exact syntax is not important,
// it's the idea behind it.
int myTrustedFunc(int x) @trusted {
    int x = *cast(int*)null; // Compile error: unmarked unsafe operation in @trusted function
    @system {
        enum magicAddress = 0x900D1DEA;
        int y = *cast(int*)magicAddress; // OK, unsafe operation allowed in @system block
    }

    free(null); // Compile error: cannot call @system function outside @system block
    return ...;
}
-----

This way, reviewers know to scrutinize everything inside the @system block,
while the code outside is mechanically verified not to introduce more @system
operations to the function.

--
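
An added example, not part of the comment above or of the D project's code: one way to approximate the proposed split in current D is to mark the function @safe and confine each unsafe operation to an immediately-called @trusted lambda, so everything outside the lambdas is still checked by the compiler. The function name `sumCopy` and its logic are hypothetical, chosen only for illustration.

```d
import core.stdc.stdlib : malloc, free;

// Hypothetical function for illustration. It is @safe as a whole, so the
// compiler rejects any unsafe operation that is not inside a @trusted lambda.
int sumCopy(const(int)[] src) @safe
{
    if (src.length == 0)
        return 0;

    // Unsafe region 1: raw allocation, then slicing the raw pointer.
    // A reviewer must check that the slice length matches the allocation.
    int[] buf = () @trusted {
        auto p = cast(int*) malloc(src.length * int.sizeof);
        return p is null ? null : p[0 .. src.length];
    }();
    if (buf is null)
        return 0;

    // Checked region: slice copy and iteration are verified as @safe.
    buf[] = src[];
    int total = 0;
    foreach (v; buf)
        total += v;

    // Uncommenting the next line fails to compile, because @safe code
    // cannot call the @system function free:
    // free(buf.ptr);

    // Unsafe region 2: releasing the buffer. A reviewer must check that
    // buf is not used after this point.
    () @trusted { free(buf.ptr); }();
    return total;
}

void main() @safe
{
    assert(sumCopy([1, 2, 3]) == 6);
    assert(sumCopy([]) == 0);
}
```

Unlike the proposed @system block, each lambda here is only as trustworthy as the review of how its result is used by the surrounding code; the compiler does not check that `buf` stays valid after the second lambda runs.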
