DIP 1028---Make @safe the Default---Community Review Round 1

Walter Bright newshound2 at digitalmars.com
Mon Jan 6 02:17:42 UTC 2020


On 1/5/2020 12:13 PM, jxel wrote:
> inserting @trusted gets 
> it to compile, or they can spend 2-4 hours restructuring code, they are going to 
> use the option that doesn't waste their time.

This misses the point. D provides plenty of escapes from writing safe code. The 
point is not to stop all those escapes, but to:

1. make it clear where those escapes are

2. make it auditable, i.e. the QA dept can grep for `@trusted` and then decide 
whether to have a company standard about that or not. In the absence of such, 
the code is not auditable.

For example, in C:

     void foo() { int* p; } // initialized to garbage

This is not auditable. Whereas in D:

     @system void foo() { int* p = void; } // initialized to garbage

*is* auditable and is intentional and requires extra effort; it is not the default.
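
The audit step described in point 2, as an added example that is not part of the original post: a first-pass scan of D sources for `@trusted`, `@system` and `= void` markers, with a pass/fail check against a limit. The regex, the function names and the "budget" rule are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# First-pass audit of D sources for explicit safety escapes.
# Line-based only: it does not parse D, so hits inside comments or
# string literals are listed too and left for the reviewer to triage.

# Matches @trusted / @system attributes and "= void;" initializers.
ESCAPE_RE='@(trusted|system)([^[:alnum:]_]|$)|=[[:space:]]*void[[:space:]]*;'

# list_escapes DIR: print file:line:text for every escape marker under DIR
list_escapes() {
    find "$1" -type f -name '*.d' -exec grep -nE "$ESCAPE_RE" /dev/null {} +
}

# count_trusted DIR: number of lines carrying @trusted
count_trusted() {
    list_escapes "$1" | grep -cE '@trusted([^[:alnum:]_]|$)' || true
}

# check_budget DIR MAX: succeed only if @trusted lines <= MAX
# (hypothetical company standard, not something the post prescribes)
check_budget() {
    n=$(count_trusted "$1")
    [ "$n" -le "$2" ]
}

# make_sample DIR: constructed sample tree used to exercise the functions
make_sample() {
    mkdir -p "$1/src"
    cat > "$1/src/a.d" <<'EOF'
@safe int add(int a, int b) { return a + b; }
@trusted void wrap(int* p) { *p = 1; }
@system void foo() { int* p = void; }
EOF
    cat > "$1/src/b.d" <<'EOF'
@safe void ok() { int x = 0; }
void bar() @trusted { }
EOF
}

# Usage: sh audit.sh path/to/source
if [ "$#" -gt 0 ]; then
    list_escapes "$1"
fi
```

The same scan has nothing to match in the C version of `foo`, since the uninitialized pointer there carries no marker.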

