Simplification of @trusted

Bruce Carneal bcarneal at gmail.com
Tue Jul 13 14:34:43 UTC 2021


On Sunday, 11 July 2021 at 08:36:33 UTC, Per Nordlöw wrote:
> On Wednesday, 16 June 2021 at 15:37:22 UTC, H. S. Teoh wrote:
>> This isn't the first time it was suggested.  Way back when, it 
>> was brought up and rejected because Walter thought that 
>> @trusted blocks should be discouraged, and therefore should be 
>> ugly to write.  It was extensively argued, but Walter 
>> preferred the "trusted lambda idiom", precisely because it was 
>> ugly, required effort to write, and therefore deters casual 
>> (ab)uses of @trusted.
>
> Rust, C#, V all use
>
>     unsafe { ... }
>
> Can we please allow
>
>     unsafe { ... }
>
> , Walter?
>
> It's trivial to grep for `@trusted` to find all possible safety 
> violations in projects.

Localization/minimization of code that must be reviewed for basic 
safety is very desirable.  The quiet pollution caused by a nested 
non-static @trusted lambda within code marked @safe is not.

IIUC, ongoing tolerance of such lambdas means that all @safe code 
must be grepped/reviewed or else blindly trusted.  IOW, as things 
stand currently, @safe code bodies must be treated as @trusted 
until manually proven otherwise.

My preference is to move in the other direction, towards @safe 
checking-by-default within @trusted blocks with @system syntax to 
escape from there (a backwards compatible transition proposal for 
this with simple syntax to be discussed at July beerconf).
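
The point about nested non-static @trusted lambdas, as an added D example that is not part of the original post or of any project's code (the names `pick`, `pickStatic` and `at` are hypothetical). It contrasts a capturing lambda, whose safety depends on the surrounding @safe body, with a static @trusted function that can be reviewed in isolation.

```d
import std.stdio : writeln;

// Marked @safe, yet its memory safety depends on `idx`, a value the @safe
// body owns and the @trusted lambda reads through its enclosing frame.
// A reviewer who only audits @trusted code must still read this whole body.
int pick(int[] data, size_t idx) @safe
{
    // Any edit to `idx` here (an off-by-one, a changed default) is accepted
    // by the compiler, because the unchecked access is hidden below.
    // idx += 1;  // would still compile as @safe

    // Nested, non-static lambda: captures `data` and `idx` implicitly.
    // `.ptr[idx]` is unchecked pointer indexing, rejected in @safe code.
    return () @trusted { return data.ptr[idx]; }();
}

// Same operation, but the @trusted part is static: it cannot capture
// anything, receives its inputs explicitly, and validates them itself.
// Reviewing `at` alone is enough to establish that it is memory safe.
int pickStatic(int[] data, size_t idx) @safe
{
    static int at(int[] d, size_t i) @trusted
    {
        if (i >= d.length)
            assert(0, "index out of bounds"); // assert(0) is kept in release builds
        return d.ptr[i];
    }

    return at(data, idx);
}

void main()
{
    int[] a = [10, 20, 30]; // constructed sample data
    writeln(pick(a, 1));       // correct only because the caller passed a valid index
    writeln(pickStatic(a, 2)); // correct regardless of what the caller passes
}
```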


