Discussion Thread: DIP 1028--Make @safe the Default--Final Review
Atila Neves
atila.neves at gmail.com
Thu Mar 26 16:19:44 UTC 2020
On Thursday, 26 March 2020 at 14:24:24 UTC, Adam D. Ruppe wrote:
> What frustrates me about these discussions is the fact that
> slices always check bounds by default.
As they should.
> C doesn't do those. So assuming C's problems apply to D is
> fallacious.
C's problems apply to D as soon as you allocate on the C heap or
use pointers to stack-allocated memory.
> Rust's complication is because they wanted to avoid the runtime
> checks.
Rust's complication is because they wanted to avoid a GC, which
was marketing genius. It has runtime checks for when access
patterns can't be guaranteed at compile-time.
> But D's runtime checks are also a valid solution.
We can do better than that at compile time.
> I suspect 95+% of C's problems already are extremely rare in D,
Yes. The remaining 5% are all related to the stack and allocating
on the C heap.
> yet the @safe advocates never seem to consider this at all.
I'm not sure what you mean by this. Is it your opinion that
writing @safe code is hard and/or restrictive?
If you allocate on the GC heap and use -preview=dip1000, then
writing @safe code is writing D code*, *except* when you call
non-@safe library code. Unfortunately this is common because
@safe isn't the default.
* Pretty much, but not exactly always
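
An added illustration of the distinction argued in this message (not part of the original post or of the DIP text): slice bounds checks stop out-of-range indexing, but say nothing about lifetime for C-heap or stack memory, which is where @safe with -preview=dip1000 comes in. All function names are hypothetical.

```d
// Added illustration; function names are hypothetical, not from the thread.
import core.exception : RangeError;
import core.stdc.stdlib : free, malloc;
import std.stdio : writeln;

// A slice carries its length, so a bad index throws RangeError instead of
// reading adjacent memory. -release keeps this check only in @safe code.
@safe int readSlice(const int[] data, size_t i)
{
    return data[i];
}

// C heap: malloc/free are @system, so this cannot be @safe. The bounds check
// still passes because the slice's length says nothing about lifetime.
@system int useAfterFree()
{
    auto p = cast(int*) malloc(4 * int.sizeof);
    int[] s = p[0 .. 4]; // length taken on trust from the programmer
    free(p);
    return s[0];         // in bounds, but dangling: undefined behaviour
}

// Stack: the slice outlives the array it points into. This compiles as
// @system; marked @safe and built with -preview=dip1000 it is rejected,
// because `s` is inferred `scope` and may not be returned.
@system int[] escapeStack()
{
    int[4] buf = [1, 2, 3, 4];
    int[] s = buf[];
    return s;
}

void main()
{
    auto gc = new int[](4); // GC heap: no free(), so no dangling slice
    try
    {
        int v = readSlice(gc, 4); // index 4 is one past the end
    }
    catch (RangeError e)
    {
        writeln("out-of-bounds index caught at run time");
    }
    // useAfterFree() and escapeStack() are deliberately not called.
}
```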