bearophile wrote:
> Lars T. Kyllingstad:
> Thank you for your answer & thread link.
>> Some time ago, I believe Walter decided to let @safe mean "no undefined
>> behaviour".
> I find it hard to believe that safe modules can define for example the semantics
> of static casts between size_t and a pointer, while unsafe modules can leave it
> undefined as in C :-) To me this will lead to a mess even worse than the C
> situation.
> So a better solution is to define such behaviours in both kinds of modules, or
> leave them undefined in both. I prefer the first possibility. And to make this
> happen a starting point is to list all the things the C standard leaves undefined.

The effect of @safe would be to forbid code that leads to undefined
behaviour, not make it well-defined.
-Lars