hsutter wrote:

(...) that Standard C++ now does have a safe subset, but we need a concrete description -- ideally a mode. It has made me think again about doing a scrub of all standard C++ language and library features and marking some as "unsafe" in some way (possibly that allows overloading, such as for vector::op[] overloads for safe and unsafe instead of the current hack of providing op[] and at() which almost nobody uses), then supporting a switch that enables only safe mode. (...)

(...) I think saying "use this (possibly standardized) switch/mode and your modern C++ code is type- and memory-safe" would be a big deal and an important missing piece to completely answer and dispel this question. (...)

If this mode incurs any performance cost, people won't use it. If this mode breaks when compiling any 3rd party or "legacy" headers, people won't use it. Look at the mess we already have with managing warnings/warning levels and static analysis annotations ...

Still, I'm very keen to see what the outcome of such an endeavor could be :)
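As an added illustration of the idea quoted above (this is example code written for this page, not code from hsutter, the poster, or any standard proposal), here is one way the "safe and unsafe overloads behind a switch" design could look: operator[] is bounds-checked when the mode is on, and the unchecked path survives only as an explicit, greppable opt-out. The names SAFE_MODE, checked_vector and unchecked are hypothetical.

```cpp
#include <cstddef>
#include <initializer_list>
#include <stdexcept>
#include <vector>

// Hypothetical compile-time "safe mode" switch (an assumption for this
// example; no such standard flag exists). 1 = bounds-checked operator[].
#ifndef SAFE_MODE
#define SAFE_MODE 1
#endif

// Tag type that makes an unchecked access visible at the call site,
// so hot loops can opt out without silently disabling checks elsewhere.
struct unchecked_t { std::size_t i; };
constexpr unchecked_t unchecked(std::size_t i) { return {i}; }

template <typename T>
class checked_vector {
    std::vector<T> data_;
public:
    checked_vector(std::initializer_list<T> init) : data_(init) {}
    std::size_t size() const { return data_.size(); }

    // "Safe" overload: in safe mode an out-of-range index throws
    // std::out_of_range instead of reading out of bounds.
    const T& operator[](std::size_t i) const {
#if SAFE_MODE
        return data_.at(i);
#else
        return data_[i];
#endif
    }

    // "Unsafe" overload: explicit, never checked, easy to audit for.
    const T& operator[](unchecked_t u) const { return data_[u.i]; }
};

// Returns true if the safe overload caught an out-of-range read.
bool out_of_bounds_is_caught() {
    const checked_vector<int> v{1, 2, 3};
    try { (void)v[3]; } catch (const std::out_of_range&) { return true; }
    return false;
}

// Sums all elements through the explicit unchecked path, staying in range.
int sum_unchecked() {
    const checked_vector<int> v{1, 2, 3};
    int total = 0;
    for (std::size_t i = 0; i < v.size(); ++i) total += v[unchecked(i)];
    return total;
}
```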