On Thu, 05 Jun 2014 14:30:49 -0400, Timon Gehr <[email protected]> wrote:
The fundamental issue seems to lie in methodology and it is that @safe is approximated by the DMD implementation from the wrong side. Instead of gradually banning usage of more and more constructs in @safe, the implementation should have started out with not allowing any constructs in @safe code and then should have gradually allowed more and more manually verified to be memory safe constructs.
I think I was one of those who argued to do it gradually. I was wrong. When one is manually marking @safe things, it's not as bad as when the compiler is automatically marking them. But in either case, @safe doesn't really mean safe, so it is pretty much useless.
-Steve
