DIP 1028---Make @safe the Default---Community Review Round 1

Timon Gehr timon.gehr at gmx.ch
Thu Jan 9 20:03:38 UTC 2020

On 09.01.20 20:59, H. S. Teoh wrote:
> On Thu, Jan 09, 2020 at 02:35:36PM -0500, Steven Schveighoffer via Digitalmars-d wrote:
>> On 1/9/20 2:22 PM, Timon Gehr wrote:
> [...]
>>> @safe code can't be trusted. It may be edited by programmers who are
>>> not allowed to write @trusted code.
>> I'm not saying it's safe. I'm saying I want the mechanical checking
>> outside the trusted escape. e.g. I want the compiler to check these
>> parts, but I know this one part needs trusting. D doesn't give a
>> better way to express this other than safe code with trusted escapes.
> [...]
> Yeah, I also consider this to be valuable.  Another way of doing the
> same thing is that @trusted *doesn't* allow unsafe operations by
> default, it just marks that function as needing to be manually verified,
> but within that function you have to explicitly mark out which parts are
> to be trusted:
> ...
> T

I like this proposal (but there should be @system _expressions_ too). It 
would also fix accidentally trusting your template alias parameters.

Probably this is going a bit far off-topic now though.

More information about the Digitalmars-d mailing list