@trust is an encapsulation method, not an escape

[Zach the Mystic via Digitalmars-d]

On Friday, 6 February 2015 at 16:19:26 UTC, John Colvin wrote:
> On Friday, 6 February 2015 at 16:11:31 UTC, Andrei Alexandrescu 
> wrote:
>> On 2/6/15 3:57 AM, Martin Krejcirik wrote:
>>> If I understand it correctly, Walter is against adding 
>>> trusted blocks
>>> (trusted {...}) into @safe functions. But what about having 
>>> safe blocks
>>> in @trusted functions ?
>>
>> That would be sensible - perhaps the best step forward 
>> following this long discussion. -- Andrei
>
> It feels inelegant, but it might be the best way out of a bad 
> situation.
>
> I can instantly see this happening:
>
> void foo() @trusted
> {
>     @safe
>     {
>         //loads of code
>     }
>
>     //a few lines of system code, only safe due to context in 
> the @safe blocks
>
>     @safe
>     {
>         \\loads of code
>     }
> }
>
> Is that what we want? I can't see why not, but it feels off 
> somehow... Effectively you've got @trusted blocks in an 
> @trusted function, just inverted.

It's been suggested that '@system' be used to mark the blocks in 
question. The point would be to emphasize the dangerousness of 
the operation. The function is still @trusted, but inside, the 
@system code is marked as such.