Why I chose D over Ada and Eiffel

[H. S. Teoh]

On Thu, Aug 22, 2013 at 07:16:09PM +0200, John Colvin wrote:
> On Thursday, 22 August 2013 at 16:46:46 UTC, H. S. Teoh wrote:
> >On Thu, Aug 22, 2013 at 05:50:49PM +0200, John Colvin wrote:
[...]
> >>If I was managing a D based team, I would definitely make use of
> >>safe/system for code reviews. Any commit that touches @system code*
> >>would have to go through an extra stage or something to that effect.
> >
> >Are you sure about that?
> >
> >	import std.stdio;
> >	void main() @safe {
> >		writeln("abc");
> >	}
> >
> >DMD says:
> >
> >	/tmp/test.d(3): Error: safe function 'D main' cannot call system
> >function 'std.stdio.writeln!(string).writeln'
> >
> >SafeD is a nice concept, I agree, but we have a ways to go before
> >it's usable.
[...]
> Fair point. Why is that writeln can't be @trusted?

On Thu, Aug 22, 2013 at 07:16:48PM +0200, John Colvin wrote:
[...]
> In the case of a string, that is.

That's a very good question. :)

As an experiment, I just tried putting @safe on std.stdio.File.writeln,
which led to needing @safe on write(), then lockingTextWriter, and
ultimately to std.range.put. Now AFAIK, the compiler should be inferring
attributes like @safe for std.range.put if it is actually @safe, but I
didn't look deeper for the underlying cause.

In any case, if this isn't already in bugzilla it should be.

This isn't the only instance of issues with SafeD, though. Currently,
there are many things that *should* be @safe, but aren't. We could, in
theory, just slap @trusted on them and call it a day, but I'd much
rather we be careful with that and only use @trusted where we can
actually prove the code's trustworthiness (i.e., not in template
functions that call an arbitrary type's popFront method, which, in
theory, could do *anything*).


T

-- 
There are three kinds of people in the world: those who can count, and those who can't.