On 8/4/2017 2:26 AM, Maksim Fomin wrote:
So, you agree that @safe cannot solve the problem because of C function interfaces and 'lack of machine checkable memory safety in C'. In this case, why does @safe rely on static analysis in CT and type inference when memory safety is determined by the 'C memory state' at RT? Either @safe is wrongly presented (it is not a memory safety tool, but something else) or (if the intention was to provide a memory safety tool) it is a flawed feature.

Every memory safe language that talks to C code (Rust, Java, etc.) has this issue. Once you step outside the language, guarantees cannot be made. It's not reasonable to assume otherwise.

It appears that scope has its own loopholes too [1].
[1] https://issues.dlang.org/show_bug.cgi?id=17718

All languages have bugs in their implementations. What do you suggest we do about that?
