Bjarne Stroustrup is emphatic that prohibiting all leaks must be part of safety, but I have no idea what the logical justification is to distinguish say Box::leak, which this prohibits, from the moral equivalent of freeing resources only on exit, which is fine under such a rule.
It composes (if A doesn't leak and B doesn't leak, then a combination AB also does not leak) which is a property safety also has, but I don't see another connection.
It composes (if A doesn't leak and B doesn't leak, then a combination AB also does not leak) which is a property safety also has, but I don't see another connection.