DIP 1028---Make @safe the Default---Community Review Round 1
Walter Bright
newshound2 at digitalmars.com
Mon Jan 6 02:17:42 UTC 2020
On 1/5/2020 12:13 PM, jxel wrote:
> inserting @trusted gets
> it to compile, or they can spend 2-4 hours restructuring code, they are going to
> use the option that doesn't waste their time.

This misses the point. D provides plenty of escapes from writing safe code. The
point is not to stop all those escapes, but to:

1. make it clear where those escapes are
2. make it auditable, i.e. the QA dept can grep for `@trusted` and then decide
whether to have a company standard about that or not. In the absence of such,
the code is not auditable.

For example, in C:

    void foo() { int* p; } // initialized to garbage

This is not auditable. Whereas in D:

    @system void foo() { int* p = void; } // initialized to garbage

*is* auditable and is intentional and requires extra effort, it is not the default.
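
Editor's added example, not part of the post and not code from the D project: a shell sketch of the grep-style audit described above, listing every `@trusted`, `@system` and `= void` escape in a tree of `.d` files. The `// SAFETY:` justification tag, the function names and the sample file are assumptions made for illustration; the match is purely textual, so escapes mentioned in comments or strings are reported too.

```shell
#!/bin/sh
# Hypothetical company standard: every escape carries a "// SAFETY:" comment
# on the same line or on the line directly above it.

# audit_escapes DIR: print "file:line:kind:status" for each escape found.
audit_escapes() {
    find "$1" -type f -name '*.d' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            function report(kind) {
                ok = ($0 ~ /\/\/ SAFETY:/ || prev ~ /\/\/ SAFETY:/)
                printf "%s:%d:%s:%s\n", file, NR, kind, (ok ? "justified" : "UNJUSTIFIED")
            }
            /@trusted/               { report("trusted") }
            /@system/                { report("system") }
            /=[ \t]*void[ \t]*;/     { report("void-init") }
            { prev = $0 }
        ' "$f"
    done
}

# audit_gate DIR: print the report; fail if any escape is unjustified.
audit_gate() {
    audit_report=$(audit_escapes "$1")
    if [ -n "$audit_report" ]; then printf '%s\n' "$audit_report"; fi
    case "$audit_report" in
        *UNJUSTIFIED*) return 1 ;;
    esac
    return 0
}

# make_sample: write a constructed D file to a temp dir and print the dir.
make_sample() {
    sample_dir=$(mktemp -d)
    cat > "$sample_dir/a.d" <<'EOF'
@system void foo() { int* p = void; } // initialized to garbage
// SAFETY: caller guarantees p is valid
@trusted void bar(int* p) { *p = 1; }
@safe void baz() { int x; }
EOF
    printf '%s\n' "$sample_dir"
}

# Stand-alone demo run on the constructed sample.
demo_dir=$(make_sample)
audit_gate "$demo_dir" || echo "audit failed: unjustified escapes present"
rm -rf "$demo_dir"
```
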