On Wednesday, 2 January 2013 at 22:53:04 UTC, Jonathan M Davis wrote:
Then we're going to have to disagree, and I believe that Walter and Andrei are completely with me on this one. If all of the constructs that you use are @safe, then it should be _guaranteed_ that your program is memory-safe. That's what @safe is for. Yes, it can be gotten around if the programmer marks @system code as @trusted when it's not really memory-safe, but that's the programmer's problem. @safe is not doing its job and is completely pointless if it has any holes in it beyond programmers mislabeling functions as @trusted.
- Jonathan M Davis

Perhaps it is worth looking at Rust for this problem? They have
been looking pretty hard at the lifetimes of data/pointers and
perhaps they have a (possibly partial) solution that can be used
in the D compiler. It seems to me a ref in D has many things in
common with Rust's borrowed pointers.