DIP 1028---Make @safe the Default---Community Review Round 1
nise at nise.com
Thu Jan 9 19:34:25 UTC 2020
On Thursday, 9 January 2020 at 19:22:28 UTC, Timon Gehr wrote:
> On 09.01.20 20:00, Steven Schveighoffer wrote:
> If your @trusted code relies on @safe code to maintain
> safety-critical invariants, your @trusted code is broken. Any
> reasonable formalization of @trusted would declare such an
> usage invalid, so lowering the scope of @trusted to small
> blocks is not per se desirable.
> @safe code can't be trusted. It may be edited by programmers
> who are not allowed to write @trusted code.
@trusted is a completely unnecessary declaration and should be
removed. This DIP should really already assume that @trusted is
There are @safe and @unsafe (or @system or whatever you call it).
Safe code can call unsafe code a vice versa and it is the
responsibility of the programmer to test the code and use the
libraries the programmer think are stable enough. If you think
about it there isn't a "middle", an almost safe, "I promise my
@trusted code is bug free".
More information about the Digitalmars-d