Don wrote:
It seems to me that one of the most important features of SafeD is that whenever a @safe function invokes a function, it does so only with valid parameters. The problem with memcmp() is that the required relationship between the parameters is complicated, and can't be determined statically by the compiler. The fact that internally it does pointer arithmetic is a symptom of this problem: it might be accessing memory which is not implied by the parameters. So memcmp() cannot be @trusted.
Exactly. You said it better than me!
