[Issue 14125] std.file has gotten out of hand
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Wed Feb 4 17:49:28 PST 2015
https://issues.dlang.org/show_bug.cgi?id=14125
--- Comment #29 from hsteoh at quickfur.ath.cx ---
One idea that occurred to me (though it may be a bit too late to implement) is
that @trusted functions remain under @safe requirements except for @system
blocks within the function body, e.g.:
-----
// This is hypothetical syntax, the exact syntax is not important,
// it's the idea behind it.
int myTrustedFunc(int x) @trusted {
int x = *cast(int*)null; // Compile error: unmarked unsafe operation in
@trusted function
@system {
enum magicAddress = 0x900D1DEA;
int y = *cast(int*)magicAddress; // OK, unsafe operation allowed in
@system block
}
free(null); // Compile error: cannot call @system function outside @system
block
return ...;
}
-----
This way, reviewers know to scrutinize everything inside the @system block,
while the code outside is mechanically verified not to introduce more @system
operations to the function.
--
More information about the Digitalmars-d-bugs
mailing list