On 09/11/2014 10:34, bearophile wrote:
> If you just disallow that kind of operation indiscriminately, you
> reduce the usefulness of D a lot (because fixed size => dynamic slice
> array is a conversion useful in many cases) and probably force the
> introduction of many casts, and I don't know if this will increase the
> overall safety of the D code.

Seeing as the 'scope' attribute doesn't seem to be happening any time
soon, shouldn't the compiler reject static array slicing in @safe code?
The user is then forced to think about the operation, and put the code
in a @trusted delegate if they think it is actually safe.
<grumble>
It would help a bit if we had @trusted blocks instead of having to call
a @trusted delegate inline (which is non-obvious). The status quo
encourages people to just mark whole functions as @trusted, skipping
much otherwise acceptable safety enforcement.
</grumble>
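
The contrast drawn in the message above, sketched in D as an added illustration (not code from the thread or from any poster): a function marked `@trusted` as a whole next to a `@safe` function that confines the static-array slice to an immediately called `@trusted` lambda. The function names are hypothetical, and the comments assume the rule proposed in the thread, under which a bare `buf[]` would be rejected in `@safe` code.

```d
import std.stdio : writeln;

// Hypothetical helper: reads the slice during the call and does not keep it.
int sum(const(int)[] xs) @safe
{
    int total = 0;
    foreach (x; xs)
        total += x;
    return total;
}

// Variant 1: the whole function is @trusted, so nothing in its body is
// checked, including code that has nothing to do with the slice.
int sumWholeTrusted() @trusted
{
    int[4] buf = [1, 2, 3, 4];
    int* p = buf.ptr + 1;        // pointer arithmetic passes unchecked here
    return sum(buf[]) + *p;
}

// Variant 2: the function stays @safe. Only the slicing is wrapped in an
// immediately called @trusted lambda, so every other line is still checked.
int sumNarrowTrusted() @safe
{
    int[4] buf = [1, 2, 3, 4];

    // Manually reviewed: the slice is only used while buf is alive and is
    // never stored or returned.
    const(int)[] view = (() @trusted => buf[])();

    // int* p = buf.ptr + 1;     // rejected by the compiler in @safe code
    return sum(view);
}

void main()
{
    writeln(sumWholeTrusted());
    writeln(sumNarrowTrusted());
}
```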