DIP 1028---Make @safe the Default---Community Review Round 1
timon.gehr at gmx.ch
Thu Jan 9 19:38:26 UTC 2020
On 09.01.20 20:34, IGotD- wrote:
> On Thursday, 9 January 2020 at 19:22:28 UTC, Timon Gehr wrote:
>> On 09.01.20 20:00, Steven Schveighoffer wrote:
>> If your @trusted code relies on @safe code to maintain safety-critical
>> invariants, your @trusted code is broken. Any reasonable formalization
>> of @trusted would declare such an usage invalid, so lowering the scope
>> of @trusted to small blocks is not per se desirable.
>> @safe code can't be trusted. It may be edited by programmers who are
>> not allowed to write @trusted code.
> @trusted is a completely unnecessary declaration and should be removed.
> This DIP should really already assume that @trusted is removed.
> There are @safe and @unsafe (or @system or whatever you call it). Safe
> code can call unsafe code a vice versa and it is the responsibility of
> the programmer to test the code and use the libraries the programmer
> think are stable enough. If you think about it there isn't a "middle",
> an almost safe, "I promise my @trusted code is bug free".
Sorry, but this is plain nonsense. Please read the documentation.
More information about the Digitalmars-d