On Thu, 10 Apr 2014 13:45:26 -0400, Tommi <tommitiss...@hotmail.com> wrote:
On Thursday, 10 April 2014 at 17:37:53 UTC, Steven Schveighoffer wrote:
On Thu, 10 Apr 2014 13:25:25 -0400, bearophile
<bearophileh...@lycos.com> wrote:
Take a look at the Ada language. It has bounds checking and its compilers
have a switch to disable those checks. If you want the bounds checking
don't use the switch that disables the bounds checking. Safety doesn't
mean to have no way to work around safety locks. It means have nice
handy locks that are active on default. In a system language total
safety is an illusion. Better to focus on real world safety and not an
illusion of theoretical safety.
That's why we have @trusted.
No. @trusted is for code that cannot be guaranteed to be memory-safe by
the compiler (either at runtime or at compile-time), but the programmer
still wants to promise that the code is memory-safe. Array bounds
checking doesn't land under that moniker, it can be checked by the
compiler.
@safe code can be marked as @trusted instead, and nothing changes, except
@trusted code can have bounds checks removed. How does this not work as a
solution?
As Walter often says about logical const, logical @safe is @safe by
convention, and it loses all of its teeth.
-Steve
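
Added example, not part of the original thread: a D sketch of the distinction debated above, with a @safe accessor whose bounds check comes from the compiler beside a @trusted accessor whose safety rests on a check the programmer wrote. The function names are hypothetical, and the RangeError case assumes a build that has not disabled bounds checking for @safe code.

```d
// Added example; checkedGet, trustedGet and sum3 are hypothetical names.
import core.exception : RangeError;
import std.stdio : writeln;

// @safe: the compiler inserts the bounds check and rejects unchecked
// pointer indexing, so callers need no extra promise from the author.
@safe int checkedGet(const(int)[] a, size_t i)
{
    return a[i];            // throws RangeError when i >= a.length
}

// @trusted: the compiler accepts unchecked access and still lets @safe
// code call this; memory safety rests on the manual check below.
@trusted int trustedGet(const(int)[] a, size_t i)
{
    if (i >= a.length)
        throw new Exception("index out of range");
    return a.ptr[i];        // no compiler-inserted bounds check here
}

// A @safe caller sees no difference: both accessors are callable from
// @safe code, so a missing manual check in trustedGet would go unnoticed.
@safe int sum3(const(int)[] a)
{
    return checkedGet(a, 0) + trustedGet(a, 1) + checkedGet(a, 2);
}

void main()
{
    int[] data = [10, 20, 30];   // constructed sample input
    writeln(sum3(data));

    // Out-of-range index: the compiler-generated check fires.
    try { checkedGet(data, 3); }
    catch (RangeError e) { writeln("checkedGet: RangeError"); }

    // Out-of-range index: only the hand-written check stands in the way.
    try { trustedGet(data, 3); }
    catch (Exception e) { writeln("trustedGet: ", e.msg); }
}
```

When auditing a D code base, every @trusted function is a place where a reviewer has to confirm the manual check by hand, since the compiler no longer does.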