DIP1028 - Rationale for accepting as is

H. S. Teoh hsteoh at quickfur.ath.cx
Fri May 22 16:51:45 UTC 2020


On Fri, May 22, 2020 at 04:39:42PM +0000, jmh530 via Digitalmars-d-announce wrote:
[...]
> This comes back to a point I had made on one of the original DIP
> discussion threads that one issue is that @safe is a blacklist of
> things you can't do rather than a whitelist of allowed things.
[...]

Yes, and that's why @safe has been on a shaky foundation since the
beginning.  In theory, a perfect, bug-free blacklist is equivalent to a
perfect, bug-free whitelist.  But given the rate at which D is adopting
new features, and the combinatorial explosion of feature combinations,
any of which might lead to violation of @safe, my confidence level on
the completeness of the blacklist is on the low side.  Had it been a
whitelist, it would have been much better, because when people ran into
a combination of features that ought to be allowed, but isn't, they
would file a bug, and then that case could be added to the whitelist
after careful vetting. You always err on the safe side. With a
blacklist, you're playing catch-a-mole with missed cases, overlooked
cases, and you never have complete certainty that you've weeded out all
dangerous constructs.


T

-- 
"Computer Science is no more about computers than astronomy is about telescopes." -- E.W. Dijkstra
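
The argument in the message above, modelled as an added example (not part of the original post, and not D's actual @safe rules): a default-allow checker and a default-deny checker are both written for version 1 of a language, then a feature is added. The feature names, the pairwise model of "feature combinations" and the ground-truth set are constructed for illustration.

```python
from itertools import combinations

# Constructed model: names and verdicts are illustrative, not D's real @safe rules.
FEATURES_V1 = ["slices", "classes", "pointer_arith", "unions"]
FEATURES_V2 = FEATURES_V1 + ["new_feature"]  # hypothetical later addition

def all_pairs(features):
    """Every two-feature combination, as order-independent pairs."""
    return {frozenset(p) for p in combinations(features, 2)}

# Ground truth, which the rule authors only partly know: combinations that
# actually break memory safety. The last one exists only once V2 ships.
TRULY_UNSAFE = {
    frozenset({"pointer_arith", "slices"}),
    frozenset({"unions", "classes"}),
    frozenset({"new_feature", "slices"}),
}

# Both rule sets were written for V1 and are equivalent there.
DENYLIST = {
    frozenset({"pointer_arith", "slices"}),
    frozenset({"unions", "classes"}),
}
ALLOWLIST = all_pairs(FEATURES_V1) - DENYLIST  # V1 pairs vetted as safe

def denylist_accepts(pair):
    return pair not in DENYLIST   # default allow: unknown means accepted

def allowlist_accepts(pair):
    return pair in ALLOWLIST      # default deny: unknown means rejected

def audit(features, accepts):
    """Return (unsafe pairs accepted, safe pairs rejected) for a checker."""
    pairs = all_pairs(features)
    holes = {p for p in pairs if accepts(p) and p in TRULY_UNSAFE}
    false_rejects = {p for p in pairs
                     if not accepts(p) and p not in TRULY_UNSAFE}
    return holes, false_rejects

if __name__ == "__main__":
    for name, accepts in (("denylist", denylist_accepts),
                          ("allowlist", allowlist_accepts)):
        for version, feats in (("v1", FEATURES_V1), ("v2", FEATURES_V2)):
            holes, rejects = audit(feats, accepts)
            print(f"{name:9} {version}: {len(holes)} unsafe accepted, "
                  f"{len(rejects)} safe rejected")
```

On version 2 the denylist silently accepts the one unsafe new combination, while the allowlist accepts none and instead rejects three safe ones, which are the visible failures a user would report for vetting.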

