Discussion from private conversation that I think expounds on my prior reply to @notriddle:
But @keean's point was that the mutability checking would work fine in userland code and that only the library programmer would need to write unsafe code, but my example in my reply to @notriddle pointed out that is not true. So the mutability checking of Rust just ends up forcing unsafe code in userland code as well. Afaics, the "house of cards" (of globally disallowed mutability aliasing) comes crashing down.
That is why I asked you:
But afaics disallowing it always by default causes annotations of unsafe on that which might not be semantically unsafe.
There are other ways to get those same and even more aggressive optimizations such as declaring the data to be immutable.
I have no qualms with an optional annotation that disallows aliasing.
I presume you mean compile-time protection.
Perhaps this is the reason my proposed encapsulation by inverting the control with yield might be superior to @keean's design pattern employing instances of iterators? But still we'd need iterator instances to pass around positions in a collection. Seems we'd need to guarantee that the world can't get a mutable reference to the collection while an iterator instance exists. That sounds like dependent-typing, which is not Turing complete.
The only "solution" I can think of is the iterators should panic! or print a log file error entry.