On Friday, 3 February 2017 at 13:21:18 UTC, Sönke Ludwig wrote:
> Keeping the system overloads would break the safety guarantees at a relatively deep level and would render the whole effort rather useless (this is the case for non-scope callbacks only, so if you stumble over a deprecated function with a scope callback, then it should be fixed).
That's kind of intended: the system would inherit safety of the code it calls. If the user code is not safe, there's no safety guarantee.
> First, it actually has helped to detect some rather subtle issues in the past that have gone unnoticed for a long time otherwise.
Being @safe-compatible and providing @safe guarantees are different issues. The latter follows from the former if user code is @safe and doesn't follow otherwise.
> And, maybe more importantly, annotating code as safe is the only way to guarantee proper bounds checks, which is critical for a server component.
-boundscheck=on should do it; LDC provides even more control over how code is compiled.
> And finally, I feel that if nobody starts to embrace this on a broader level now, it will never reach a truly mature state.
Fake @trusted annotations don't count as adoption of safety. Pedantically speaking @safe loses its purpose if @trusted code is not verified. Especially if fake @trusted becomes a habit. That's why safety can't be forced and is opt-in.
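
Added illustration of the distinctions debated in this exchange (an explicit @safe callback contract, attribute inference from the callback, and what a @trusted body leaves unchecked). It is not code from either poster or from vibe.d, and every function and alias name in it is hypothetical.

```d
// Added illustration; every name below is hypothetical, none is vibe.d API.
alias SafeCB   = void delegate(int) @safe;
alias SystemCB = void delegate(int) @system;

// Non-template API with an explicit @safe contract: it only accepts @safe
// callbacks, so everything reachable through it is compiler-checked.
void forEachSafe(const(int)[] items, scope SafeCB cb) @safe
{
    foreach (v; items) cb(v);
}

// Template API: attributes are inferred per instantiation, so the function
// is exactly as safe as the callback type it is instantiated with.
void forEachInferred(CB)(const(int)[] items, scope CB cb)
{
    foreach (v; items) cb(v);
}

// Callable from @safe code with a @safe callback, rejected with a @system one.
static assert( __traits(compiles, () @safe { forEachInferred(null, SafeCB.init); }));
static assert(!__traits(compiles, () @safe { forEachInferred(null, SystemCB.init); }));

// Indexing in @safe code keeps its bounds check even in -release builds,
// where the default is -boundscheck=safeonly.
int readChecked(const(int)[] a, size_t i) @safe
{
    return a[i];
}

// @trusted is callable from @safe code, but the compiler does not check the
// body: pointer indexing is never bounds-checked. The caller's @safe
// guarantee now rests on a manual review of this function.
int readUnverified(const(int)[] a, size_t i) @trusted
{
    return a.ptr[i];
}

void main() @safe
{
    int sum;
    const(int)[] data = [1, 2, 3];
    forEachSafe(data, (int v) { sum += v; });     // literal is inferred @safe
    forEachInferred(data, (int v) { sum += v; }); // instantiation inferred @safe
    assert(sum == 12);
    assert(readChecked(data, 2) == 3);
    assert(readUnverified(data, 2) == 3); // in range here; nothing enforces that
}
```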
