Discussion Thread: DIP 1028--Make @safe the Default--Final Review

Atila Neves atila.neves at gmail.com
Fri Mar 27 15:00:59 UTC 2020 

On Friday, 27 March 2020 at 04:20:47 UTC, Mathias Lang wrote:
> On Thursday, 26 March 2020 at 10:55:44 UTC, Atila Neves wrote:
>> On Wednesday, 25 March 2020 at 21:58:40 UTC, Jonathan Marler 
>> wrote:
>>> Has the benefit warranted the cost to manage these tags 
>>> throughout your code?
>>
>> Yes. Especially since the cost is trivial.
>>
>>> Do we have any projects that are already using this behavior 
>>> by putting "@safe:" at the top of every file?  Does anyone 
>>> have any pointers to projects that have done this?
>>
>> All my projects that aren't called reggae. The only reason for 
>> that exception is that it's ancient and I didn't know any 
>> better then.
>>
>> I don't know how we've managed, but we've utterly failed at 
>> marketing @safe to the community. Writing @safe code is easy 
>> unless you're doing manual memory management or trying to 
>> abstract it with a library. *Especially* with DIP1000.
>
> There's a huge difference between correctly using `@safe` and 
> having things compile.

I think there's a huge difference in using `@trusted` correctly 
and having things compile.

> And since exceptional claims calls for exceptional proof, I 
> wanted to check whether or not your libraries would be any 
> different. It took me less than 5 minutes to find this: 
> https://github.com/atilaneves/unit-threaded/issues/176

Oops. Thanks for the bug report!

I've been quite bad at using @trusted myself. I think part of the 
reason that I've been using it wrongly is because @safe isn't the 
default, and code that *should* be @safe wasn't. The compiler 
complained and I wrongly applied @trusted somewhere.

It's my belief that I would've screwed up far less if @safe had 
been the default.

> Take any library that accepts a delegate:

Yes, this is a problem. In my libclang binding (it's on dub) I 
wanted to write @safe pure code but couldn't since libclang takes 
a visitor callback. I *could* make the callback declaration @safe 
and pure, but that's too restrictive for other users.

More information about the Digitalmars-d mailing list