ref is unsafe

Thiez thiezz at gmail.com
Wed Jan 2 15:33:15 PST 2013


On Wednesday, 2 January 2013 at 22:53:04 UTC, Jonathan M Davis wrote:
> Then we're going to have to disagree, and I believe that Walter and Andrei are
> completely with me on this one. If all of the constructs that you use are
> @safe, then it should be _guaranteed_ that your program is memory-safe. That's
> what @safe is for. Yes, it can be gotten around if the programmer marks
> @system code as @trusted when it's not really memory-safe, but that's the
> programmer's problem. @safe is not doing its job and is completely pointless
> if it has any holes in it beyond programmers mislabeling functions as @trusted.
> - Jonathan M Davis

Perhaps it is worth looking at Rust for this problem? They have 
been looking pretty hard at the lifetimes of data/pointers and 
perhaps they have a (possibly partial) solution that can be used 
in the D compiler. It seems to me a ref in D has many things in 
common with Rust's borrowed pointers.

