DIP 1028 "Make @safe the Default" is dead

Jonathan M Davis newsgroup.d at jmdavisprog.com
Fri May 29 22:52:26 UTC 2020


On Friday, May 29, 2020 6:48:20 AM MDT Meta via Digitalmars-d-announce wrote:
> On Friday, 29 May 2020 at 12:22:07 UTC, Steven Schveighoffer wrote:
> > On 5/29/20 12:53 AM, Walter Bright wrote:
> >> The subject says it all.
> >>
> >> If you care about memory safety, I recommend adding `safe:`
> >> as the first line in all your project modules, and annotate
> >> individual functions otherwise as necessary. For modules with
> >> C declarations, do as you think best.
> >>
> >> For everyone else, carry on as before.
> >
> > Thank you Walter.
> >
> > I'm sure this was not easy to decide, and is frustrating. It's
> > unfortunate that the thrust of DIP1028 could not be saved and
> > we had to throw out the whole thing for the one bad piece.
>
> It's not unfortunate - it's unnecessary. @safe by default is
> still a laudable and (seemingly) attainable goal. Why throw out
> the entire DIP instead of removing or altering the controversial
> aspect?

IIRC, based on how the DIP process works, if a DIP gets rejected, it
basically has to go through the whole process again. Walter could certainly
make an executive decision to skip that process and just implement an
altered version of the DIP, but as much flak as he's gotten over his DIPs,
he's very much been trying to stick to the process rather than simply
implementing his ideas.

Now, whether in the future, we'll get a DIP proposing @safe as the default
for all code that the compiler can check while leaving it @system for the
code that it can't, I don't know. The way that Walter stated that DIP 1028
was dead kind of implies that he's given up on it entirely, but we'll have
to wait and see. Based on what he's said, it seems like he may be convinced
that @safe by default will result in @trusted being used inappropriately way
too much if extern(C) declarations aren't @safe by default (in which case,
making @safe the default would actually make things worse), and he clearly
thought that treating declarations differently from definitions would mean
adding an exception to the rules and that such an exception would be very
negative.

- Jonathan M Davis




