On Friday, 22 May 2020 at 18:24:39 UTC, Atila Neves wrote:
memcpy isn't a good example since it's explicitly @system
Yes, it's a good example. Because if you include any C function, you don't know if it uses memcpy internally - except if you have the code. And as memcpy is used heavily within C libraries, it's not unlikely that your "oh so safe" function is using it too. Very bad advice.
It should be simply forbidden to slap @safe at anything with no code available, because @save should be reserved for mechanically verified parts of code.
Ok, you can slap @trusted on it, and it will compile (the easy way), but anyone using it is at least warned. So it's possible to check - and if no body is availabe (e.g. an object library) I would refrain from trusting it.
But I don't want the compiler to greenwash it for me, no thanks. There should be at least someone on the D side to blame, destroying his reputation by slapping @trusted at whole modules.
