A serious security bug... caused by no bounds checking.

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Thu Apr 10 16:21:52 PDT 2014


On 4/10/14, 10:56 AM, Steven Schveighoffer wrote:
> @safe code can be marked as @trusted instead, and nothing changes,
> except @trusted code can have bounds checks removed. How does this not
> work as a solution?

Doesn't work because @trusted removes all additional checks by the 
compiler. We do want to have @safe as mechanically verified.

> As Walter often says about logical const, logical @safe is @safe by
> convention, and it loses all of its teeth.

I think you are wrong here.


Andrei
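The distinction drawn above, as an added illustration that is not part of Andrei's post and not code from the D compiler sources: in a @safe function the compiler mechanically verifies the body (raw pointer indexing is a compile error, and array indexing keeps its run-time bounds check), whereas a @trusted function with the same signature is accepted on the author's word, so nothing in it is verified and, under dmd's -boundscheck=safeonly switch, its bounds checks are stripped along with the rest of non-@safe code. Function and variable names here are my own.

```d
// Added example (not from the mailing-list thread). Build and run with:
//   dmd -run safe_vs_trusted.d
// Try also: dmd -boundscheck=safeonly -run safe_vs_trusted.d
import std.stdio;

// @safe: the compiler checks this body. The index below is bounds-checked at
// run time even with -boundscheck=safeonly, and an out-of-range n raises
// core.exception.RangeError instead of reading past the slice.
@safe int sumFirstN(const(int)[] data, size_t n)
{
    int total = 0;
    foreach (i; 0 .. n)
        total += data[i];       // bounds check retained in @safe
    // const(int)* p = data.ptr; total += p[0];
    // ^ rejected here: pointer indexing is not allowed in @safe code
    return total;
}

// @trusted: same signature, but the body is NOT verified; it is @safe only by
// the author's promise. Raw pointer use compiles, and with
// -boundscheck=safeonly the slice index below loses its check, so a caller
// passing n > data.length silently reads out of bounds.
@trusted int sumFirstNTrusted(const(int)[] data, size_t n)
{
    int total = 0;
    const(int)* p = data.ptr;   // compiles only because this is @trusted
    foreach (i; 0 .. n)
        total += (i < data.length) ? data[i] : p[i]; // p[i] is never checked
    return total;
}

void main()
{
    int[] v = [1, 2, 3, 4];     // constructed sample input
    writeln(sumFirstN(v, 4));        // 10
    writeln(sumFirstNTrusted(v, 4)); // 10
    // sumFirstN(v, 5) throws RangeError in @safe code;
    // sumFirstNTrusted(v, 5) reads past the slice with no diagnostic.
}
```

The point of the pairing is the one the reply makes: marking code @trusted does not give you "@safe minus bounds checks", it switches off every mechanical check the compiler would otherwise perform on that body, so the guarantee rests entirely on review of the @trusted function.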


