Don wrote:
Actually, I'd hope for a way of checking that @unsafe functions are called only from @trusted functions, and NOT from unmarked ones -- that's the way I'd proceed in moving a codebase over to 'safe'. Based on the idea that the most common cause of safety violation is via passing incorrect parameters. (contracts are based on the same idea).
That's something I hadn't thought of!
