On 2/27/15 1:07 PM, H. S. Teoh via Digitalmars-d wrote:
What about this, if we're serious about @safe actually*guaranteeing* anything: after 2.067 is released, we reimplement @safe by making it reject every language construct by default.
I don't think this is practical. It's a huge amount of work over a long time.
Besides, even with that approach there's still no guarantee; implementation bugs are always possible in either approach.
I think the closest thing to what you're after is progress and preservation proofs on top of a core subset of the language. It would be great if somebody wanted to do this.
Andrei
