Fantastic exchange from DConf
H. S. Teoh via Digitalmars-d
digitalmars-d at puremagic.com
Thu May 18 10:53:52 PDT 2017
On Thu, May 18, 2017 at 08:12:18AM -0400, Steven Schveighoffer via Digitalmars-d wrote:
[...]
> Of course. But what business people would see is a huge company like
> facebook being marginalized by a small startup, and having the
> analysts say "well, it's mostly because they used Rust/D". The game
> would be over at that point, regardless of the technical details of
> the "true" root cause.
But how likely is it for the analysts to say "it's because they used
Rust/D instead of C"?
> Note: I just use facebook as an example of a company that is so large
> and pervasive that everyone thinks they are unkillable, I don't really
> think the strawman scenario above is likely. Remember the old saying,
> "Nobody ever got fired for picking IBM"? How relevant is that today?
Yeah, probably the shift away from C will be gradual, rather than
overnight.
[...]
> Speaking of "memory safe" languages like PHP whose implementation is
> not necessarily memory safe, there is a danger here also in how D is
> moving towards memory safety. We still allow unsafe operations inside
> @safe code, using @trusted. This is a necessary evil, but it's so very
> important that the base libraries (druntime and phobos) keep this to a
> minimum, and that we review those @trusted blocks to death.
[...]
Yes, and that is why it's a grave concern that Phobos has (or used to
have) giant blocks of code under the heading `@trusted:`. Even entire
functions marked @trusted are a concern, to me, if the function is more
than 5-10 lines long.
In the long run, I fear that if there are too many @trusted blocks in a
given codebase (not necessarily Phobos), it will become too onerous to
review, and could lead to hidden exploits that are overlooked by
reviewers. I don't know how to solve this conundrum.
T
--
"Hi." "'Lo."
More information about the Digitalmars-d
mailing list