    string toUpper(string s) @safe
    {
        char[] r = new char[s.length];
        foreach (i, c; s)
            r[i] = toUpper(c);
        return cast(string)r; // <== unsafe operation
    }
Shouldn't that be `return assumeUnique(r)` instead?
What about requiring an in-code comment that mentions the
condition that the verified safety relies on? (here, the actual
uniqueness of r)
Introducing the 'trusted' template to be put in std.conv:
    @trusted auto trusted(alias fun)() { return fun(); }
Is this guaranteed to be inlined in the frontend?
Shouldn't it better be called `system` to denote that the operation
is not actually trusted?
-----------------------
In general, this is a surprisingly good manifesto. The way it
started, I had abandoned all hope for any pragmatic compromise,
but it does address many of the issues mentioned in the discussion.
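
The two suggestions in this reply (assumeUnique instead of the raw cast, and an in-code comment naming the condition the safety relies on) can be combined as below. This is an added example, not code from the proposal or from Phobos; the name upperCopy and the renamed import asciiUpper are assumptions chosen to avoid clashing with the quoted toUpper.

```d
import std.ascii : asciiUpper = toUpper;   // renamed import (assumption)
import std.exception : assumeUnique;

// Hypothetical helper name. The function as a whole stays @safe, so the
// compiler still checks the allocation, the loop and the indexing.
string upperCopy(string s) @safe
{
    // r is allocated here; no other reference to this buffer is created.
    char[] r = new char[s.length];
    foreach (i, char c; s)
        r[i] = asciiUpper(c);

    // SAFETY: r is the only reference to the buffer and is not used after
    // this line, so nothing can mutate the data once it is typed immutable.
    // Only this single expression is exempt from @safe checking.
    return (() @trusted => assumeUnique(r))();
}

void main() @safe
{
    assert(upperCopy("safe d") == "SAFE D");
    assert(upperCopy("") == "");
}
```

If a later edit stores r anywhere else before the return, the comment names exactly the assumption a reviewer has to re-check.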