@trusted attribute should be replaced with @trusted blocks

H. S. Teoh hsteoh at quickfur.ath.cx
Fri Jan 17 19:21:14 UTC 2020

On Fri, Jan 17, 2020 at 05:28:09PM +0000, IGotD- via Digitalmars-d wrote:
> On Friday, 17 January 2020 at 16:33:14 UTC, jmh530 wrote:
> > [1] https://words.steveklabnik.com/a-sad-day-for-rust
> I think this is pretty funny and also predictable. There is an overuse
> of unsafe in Rust because the programmers want/must escape their Gulag
> in order to do the things they want, it's human behaviour.

The other human behaviour is that people form habits and then resist
changing said habits.

See, the thing is that there's a lot to be said about defaults that
incentivize people to do things the Right Way(tm).  You provide the
option to do things differently, there's an escape hatch for when you
need it, but you also nudge them in the right direction, so that if
they're undecided or not paying attention, they automatically default to
doing it the right way.  One thing that D did quite well IMO is that the
default way to do things often coincides with the best way.  As opposed
to say C++, where the most obvious way to write a piece of code is
almost certainly the wrong way, due to any number of potential problems
(built-in arrays are unsafe, avoid raw pointers, avoid new, avoid
writing loops, avoid mutation, the list goes on).

But you have to start out with the right defaults, because once people
form habits around those defaults, they will resist change. Inertia is a
powerful force.  One of the areas D didn't incentivize in the right way
is being @system by default.  DIP 1028 is trying to change that, but you
see the consequences of not starting out that way in the first place:
people are resisting it because they have become accustomed to @system
by default, and dislike changing their habits.

> This is one of the reasons I'm a bit skeptical against DIP 1028,
> https://forum.dlang.org/thread/ejaxvwklkyfnksjkldux@forum.dlang.org.
> That people will not value it that much. I have nothing against a safe
> subset, but I'm not sure making it default is the right way to go.

IMO it would have worked had it been the default from the very
beginning.  This is why language decisions are so hard to make, because
you don't really know what's the best design except in retrospect, but
wrong decisions are hard to change after the fact because of inertia. By
the time you accumulate enough experience to know what would have worked
better, you may already be stuck with the previous decision.


Heuristics are bug-ridden by definition. If they didn't have bugs, they'd be algorithms.

More information about the Digitalmars-d mailing list