DIP 1028---Make @safe the Default---Community Review Round 1

Timon Gehr timon.gehr at gmx.ch
Thu Jan 9 19:38:26 UTC 2020

On 09.01.20 20:34, IGotD- wrote:
> On Thursday, 9 January 2020 at 19:22:28 UTC, Timon Gehr wrote:
>> On 09.01.20 20:00, Steven Schveighoffer wrote:
>> If your @trusted code relies on @safe code to maintain safety-critical 
>> invariants, your @trusted code is broken. Any reasonable formalization 
>> of @trusted would declare such an usage invalid, so lowering the scope 
>> of @trusted to small blocks is not per se desirable.
>> @safe code can't be trusted. It may be edited by programmers who are 
>> not allowed to write @trusted code.
> @trusted is a completely unnecessary declaration and should be removed. 
> This DIP should really already assume that @trusted is removed.
> There are @safe and @unsafe (or @system or whatever you call it). Safe 
> code can call unsafe code a vice versa and it is the responsibility of 
> the programmer to test the code and use the libraries the programmer 
> think are stable enough. If you think about it there isn't a "middle", 
> an almost safe, "I promise my @trusted code is bug free".

Sorry, but this is plain nonsense. Please read the documentation.

More information about the Digitalmars-d mailing list