My Long Term Vision for the D programming language

H. S. Teoh hsteoh at quickfur.ath.cx
Fri Nov 19 00:09:20 UTC 2021


On Thu, Nov 18, 2021 at 11:51:09PM +0000, SealabJaster via Digitalmars-d wrote:
> On Thursday, 18 November 2021 at 17:52:44 UTC, H. S. Teoh wrote:
> > Exactly what I said.  The day will come when the world realizes just
> > how much of a liability an inherently-unsafe language is, and how
> > much it's costing businesses, and the tables will turn.
[...]
> A shame we didn't get @safe by default pushed through, because (from
> what I recall) extern(C) functions were for some reason also
> considered @safe by default, which caused too much backlash.
[...]

Honestly, it was a big loss for D that @safe by default failed to get
through simply due to such a small detail. IMO the benefits of @safe by
default far exceed any squabble we may have over how extern(C) functions
should behave.

Still, @safe itself leaves much to be desired:

	https://issues.dlang.org/buglist.cgi?keywords=safe&list_id=238237&resolution=---

It's not bad in its current state, but could be so much more had a more
complete job been done.

The fact that it's implemented as a blacklist rather than a whitelist
also means that there are likely many holes in it that we just haven't
found yet.  What should've been done is to implement it as a whitelist,
and then each time somebody gets blocked by @safe for something that's
actually safe, we can review it and conservatively expand the whitelist.
With a blacklist implementation, it's anybody's guess where in the
exponentially-many combinations of language features there might be
loopholes in @safe, which is a far less tractable problem.

(Yes, a blacklist implementation and a whitelist implementation will
eventually both converge to the same thing.  But a blacklist
implementation will continue to have loopholes until it converges,
whereas a whitelist implementation is guaranteed safe, with only the
occasional inconvenience when a valid operation is wrongly blocked. When
it comes to memory safety and potential security exploits, it's always
better to err on the safe side.)


T

-- 
Don't throw out the baby with the bathwater. Use your hands...
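
Added example (not part of the original post): a toy Python model of the blacklist/whitelist argument above, counting the unsafe programs each checker accepts and the safe ones it wrongly blocks. The feature names, hazard patterns and helper functions are constructed assumptions, not the D compiler's actual @safe rules.

```python
from itertools import combinations

# Constructed toy model; NOT the D compiler's actual @safe rule set.
FEATURES = ["index", "slice", "union", "pointer_field", "ptr_arith", "inline_asm"]

# Ground truth the checkers cannot see: a program is unsafe if it contains
# every feature of any one pattern. The last pattern is a combination hazard.
UNSAFE_PATTERNS = [frozenset({"ptr_arith"}), frozenset({"inline_asm"}),
                   frozenset({"union", "pointer_field"})]

# Denylist: hazards discovered so far (the combination hazard is still unknown).
DENYLIST = [frozenset({"ptr_arith"}), frozenset({"inline_asm"})]

# Allowlist: exact feature sets that were reviewed and judged safe.
ALLOWLIST = {frozenset({f}) for f in ("index", "slice", "union", "pointer_field")}
ALLOWLIST.add(frozenset({"index", "slice"}))

def programs(max_features=2):
    """Every program using 1..max_features distinct features."""
    for n in range(1, max_features + 1):
        for combo in combinations(FEATURES, n):
            yield frozenset(combo)

def is_unsafe(prog):
    return any(pattern <= prog for pattern in UNSAFE_PATTERNS)

def denylist_accepts(prog, deny=DENYLIST):
    # Fail-open: anything not matching a known-bad pattern is accepted.
    return not any(pattern <= prog for pattern in deny)

def allowlist_accepts(prog, allow=ALLOWLIST):
    # Fail-closed: only reviewed feature sets are accepted.
    return prog in allow

def audit(accepts):
    """Return (holes, wrongly_blocked) for a checker over all programs."""
    holes = [p for p in programs() if accepts(p) and is_unsafe(p)]
    blocked = [p for p in programs() if not accepts(p) and not is_unsafe(p)]
    return holes, blocked

def review(prog, allow):
    """Conservative expansion: add a blocked program only once review confirms
    it is safe (the ground truth stands in for the human review here)."""
    if is_unsafe(prog):
        raise ValueError("review rejected: program is unsafe")
    return allow | {prog}

if __name__ == "__main__":
    print("denylist  holes/blocked:", [len(x) for x in audit(denylist_accepts)])
    print("allowlist holes/blocked:", [len(x) for x in audit(allowlist_accepts)])
```

In this model the denylist silently accepts the undiscovered combination hazard, while the allowlist has no holes and only blocks safe programs until each is reviewed.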

