On Sun, 25 Aug 2024 at 21:31, Paolo Invernizzi via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
On Sunday, 25 August 2024 at 10:32:31 UTC, Manu wrote:
> On Sun, 25 Aug 2024 at 19:56, Paolo Invernizzi via
> Digitalmars-d < digitalmars-d@puremagic.com> wrote:
>
>> On Saturday, 24 August 2024 at 17:43:38 UTC, Manu wrote:
>> > On Sun, 25 Aug 2024 at 03:31, Richard (Rikki) Andrew
>> > Cattermole via Digitalmars-d <digitalmars-d@puremagic.com>
>> > wrote:
>> >
>> >> On 25/08/2024 5:10 AM, Manu wrote:
>> >> > [...]
>> >>
>> >> I've been considering something along these lines.
>> >>
>> >> Specifically, ``@trusted`` does not mean the entire body
>> >> shouldn't be verified. It just means that you are going to
>> >> do something naughty that needs looking at.
>> >>
>> >> So you need annotated scopes inside of it, to do the
>> >> naughty thing.
>>
>> Just write a trusted function and call it: that's the sane way
>> to do it and respect the code reviewer's hard job.
>
>
> ...so, because I'm going to make one single unsafe function
> call inside of some function, I should eject all other related
> or unrelated safety checks for the entire surrounding context?

No, you should isolate the unsafe part of the code into a function,
explain why it’s unsafe, the intent of the code, the expected
parameter values and the expected returns, so that the reviewer can
check that the interface is really memory safe.

Then call this extremely simple function from the rest of the safe
code.

So, this then:

// C function with no safety guarantees of its own.
extern(C) int myUnsafeFunction(int x, int y);

// The "isolating" wrapper: it forwards two ints and checks nothing.
@trusted int myPointlessWrapper(int x, int y)
{
  return myUnsafeFunction(x, y);
}

@safe void mySuperSafeFunction(int arg1, int arg2)
{
   //... lots of code

  int r = myPointlessWrapper(arg1, arg2);

  //... lots of code
}

Brilliant.
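For contrast, the kind of tiny @trusted function Paolo is arguing for, where the interface itself is what the reviewer checks, as an added example that is not code from either poster. The C routine `sum_bytes` is a hypothetical stand-in and is given a D body here so the file builds on its own; a real one would be a bare extern(C) declaration.

```d
import std.stdio : writeln;

// Hypothetical C routine (an assumption, not from the thread). Its raw
// pointer arithmetic is what makes it @system; nothing ties p to n.
extern(C) int sum_bytes(const(ubyte)* p, size_t n) @system nothrow @nogc
{
    int total = 0;
    foreach (i; 0 .. n)
        total += p[i];
    return total;
}

// A wrapper in the spirit of Manu's: it forwards the raw pointer and length
// unchanged. @trusted silences the checker, but there is nothing here for a
// reviewer to verify, and every caller still has to keep p and n consistent.
@trusted int sumBytesForwarding(const(ubyte)* p, size_t n)
{
    return sum_bytes(p, n);
}

// The wrapper Paolo describes: its only input is a D slice, so the pointer
// and length handed to C are coupled by the language rather than by the
// caller. Reviewing this one function is enough to sign off on every @safe
// call site, because @safe code cannot build a slice that outruns its array.
@trusted int sumBytes(const(ubyte)[] data)
{
    return sum_bytes(data.ptr, data.length);
}

@safe int demo()
{
    // Constructed sample input.
    ubyte[4] buf = [1, 2, 3, 4];
    // sumBytesForwarding(&buf[0], 8) can only be written from @system code,
    // and nothing in its interface stops n from exceeding buf.length; the
    // slice form cannot express that call at all.
    return sumBytes(buf[]);
}

void main()
{
    writeln("sum of constructed buffer: ", demo());
}
```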