On Thursday, 5 February 2015 at 23:39:39 UTC, Walter Bright wrote:
> static void trustedMemcopy(T)(T[] dest, T[] src) @trusted
> {
>     assert(src.length == dest.length);
>     memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
> }
>
> I don't have to review callers of trustedMemcopy() because it encapsulates an unsafe operation (memcpy) with a safe interface.
It might have done so if it ensured that T was a proper value type, but unfortunately D's type system is not strong enough.
What happens if T is a unique_ptr style reference? Ouch, two unique references to the same object. Ouch, memory unsafe.
@safe is a leaky cauldron and will continue to be so until you provide a proof of language constructs and how they interact. The only sane way to do that is to do the proof over a simplified virtual machine and map all language constructs to it.
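An added D example, not code from this thread, that reproduces the unique_ptr case above: `Unique` is a constructed non-copyable owner, and the `released` log is only there to report the second release of the same pointer instead of letting the C heap be corrupted.

```d
import core.stdc.stdlib : malloc, free;
import core.stdc.string : memcpy;
import std.stdio : writeln;

// Constructed for this example: every pointer a Unique destructor releases is
// logged, so a second release of the same address is reported as a double free
// rather than handed to free() again.
__gshared int*[] released;
__gshared bool doubleFreeSeen;

// A unique_ptr-style owner: copying is disabled, the destructor frees the payload.
struct Unique
{
    int* p;
    this(int v) @trusted { p = cast(int*) malloc(int.sizeof); *p = v; }
    @disable this(this);               // the type system forbids copies ...
    ~this() @trusted
    {
        if (p is null) return;
        foreach (q; released) if (q is p) { doubleFreeSeen = true; return; }
        released ~= p;
        free(p);
    }
}

// The quoted helper. memcpy copies raw bytes, so the @disable above is bypassed.
static void trustedMemcopy(T)(T[] dest, T[] src) @trusted
{
    assert(src.length == dest.length);
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

// Passes the @safe checker: the caller only sees the trusted interface, never memcpy.
void duplicateOwnership() @safe
{
    Unique[1] src, dst;
    src[0] = Unique(42);               // move from an rvalue: allowed
    trustedMemcopy(dst[], src[]);      // ... but the bit copy creates a second owner
    assert(src[0].p is dst[0].p);      // two "unique" handles to one allocation
}   // both destructors run here and release the same pointer

void main()
{
    duplicateOwnership();
    writeln("double free reproduced: ", doubleFreeSeen);
}
```

The caller compiles as @safe without any review, which is exactly the guarantee the reply disputes: the interface is only safe for value types, and nothing in the signature enforces that.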
