D Article: Memory Safety

H. S. Teoh via Digitalmars-d-announce digitalmars-d-announce at puremagic.com
Wed Jan 20 21:19:56 PST 2016


On Thu, Jan 21, 2016 at 04:59:01AM +0000, Basile B. via Digitalmars-d-announce wrote:
[...]
> Although one thing, attributes are not the easy part of D. I've
> recently encountered a case where in the library attributes were
> all right, test OK, and then suddenly when I've started to use the
> library in a real life context I had to remove them from the
> library... @safe was unsustainable.

Phobos/druntime still has some ways to go before using it from @safe
code will be painless.  Some pretty fundamental functionality still
isn't @safe (mainly some stuff in object.di that basically interacts
with so many other things that marking one thing as @safe will
percolate throughout pretty much everything, breaking a whole bunch of
stuff at once).

I once tried writing a @safe program, and it didn't take very long
before I threw that idea out the window.  Once main() is @safe, you're
so straitjacketed that you basically can't write anything too much more
complex than Hello World.  (Well, you *could* just slap @trusted on
whatever it is that's holding you back, but then that breaks the promise
of @safe, which defeats the purpose of the entire exercise.)

There's also still a good number of @safe-related bugs on Bugzilla,
several of which involve built-in language constructs that break
@safe-ty outright. Things have improved a bit since I last checked, but
it seems to me that @safe is still not quite ready to live up to its
promise just yet. Maybe in a few more years' time...


> Dealing with attributes is the hardest part of D IMO.  No one is
> forced to btw, there are plenty of other cool things in D but to
> follow the D safety is hard...
[...]

I think Walter has mentioned before that attribute inference is the way
to go, and I agree. Once you start writing carefully-attributed code,
you'll quickly find that your declarations become painfully verbose,
which is never a good sign (it encourages people not to use attributes).
However, attribute inference on templates and auto functions (proposed
last year, don't know if it's implemented yet) alleviates a lot of the
verbosity. Hopefully the scope of attribute inference will increase
until it makes attribute use more widespread in your everyday D code.


T

-- 
MS Windows: 64-bit rehash of 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit company that can't stand 1-bit of competition.
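
The following D sketch is an added illustration, not part of the original message or of Phobos/druntime. It contrasts a fully hand-attributed function with a template whose attributes the compiler infers, and shows a @trusted wrapper around @system code as the escape hatch discussed above. All function names are hypothetical.

```d
import std.stdio;

// Hand-attributed: every guarantee has to be spelled out in the declaration.
int sumExplicit(const(int)[] xs) @safe pure nothrow @nogc
{
    int total = 0;
    foreach (x; xs) total += x;
    return total;
}

// Template: the compiler infers the attributes from the body at instantiation.
T sumInferred(T)(const(T)[] xs)
{
    T total = 0;
    foreach (x; xs) total += x;
    return total;
}

// Pointer arithmetic is rejected in @safe code, so this has to be @system.
int readAt(const(int)* p, size_t i) @system
{
    return *(p + i);
}

// @trusted wrapper: the bounds check is the manual proof that the call is
// memory safe. The compiler no longer verifies anything inside this body.
int elementAt(const(int)[] xs, size_t i) @trusted
{
    if (i >= xs.length) throw new Exception("index out of range");
    return readAt(xs.ptr, i);
}

// The inferred template is usable from the strictest context without annotations.
static assert(__traits(compiles,
    () @safe pure nothrow @nogc { int[] a; auto r = sumInferred(a); }));

// A @safe caller cannot reach the @system function directly.
static assert(!__traits(compiles, () @safe { auto r = readAt(null, 0); }));

void main() @safe
{
    int[] data = [1, 2, 3];
    writeln(sumExplicit(data));
    writeln(sumInferred(data));
    writeln(elementAt(data, 1)); // goes through the @trusted wrapper
}
```

Every @trusted body is code that has to be audited by hand, which is why adding it just to get past the compiler gives up the guarantee that @safe is meant to provide.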

