My Long Term Vision for the D programming language
H. S. Teoh
hsteoh at quickfur.ath.cx
Fri Nov 19 00:09:20 UTC 2021
On Thu, Nov 18, 2021 at 11:51:09PM +0000, SealabJaster via Digitalmars-d wrote:
> On Thursday, 18 November 2021 at 17:52:44 UTC, H. S. Teoh wrote:
> > Exactly what I said. The day will come when the world realizes just
> > how much of a liability an inherently-unsafe language is, and how
> > much it's costing businesses, and the tables will turn.
[...]
> A shame we didn't get @safe by default pushed through, because (from
> what I recall) extern(C) functions were for some reason also
> considered @safe by default, which caused too much backlash.
[...]
Honestly, it was a big loss for D that @safe by default failed to get
through simply due to such a small detail. IMO the benefits of @safe by
default far exceed any squabble we may have over how extern(C) functions
should behave.
Still, @safe itself leaves much to be desired:
https://issues.dlang.org/buglist.cgi?keywords=safe&list_id=238237&resolution=---
It's not bad in its current state, but could be so much more had a more
complete job been done.
The fact that it's implemented as a blacklist rather than a whitelist
also means that there are likely many holes in it that we just haven't
found yet. What should've been done is to implement it as a whitelist,
and then each time somebody gets blocked by @safe for something that's
actually safe, we can review it and conservatively expand the whitelist.
With a blacklist implementation, it's anybody's guess where in the
exponentially-many combinations of language features there might be
loopholes in @safe, which is a far less tractable problem.
(Yes, a blacklist implementation and a whitelist implementation will
eventually both converge to the same thing. But a blacklist
implementation will continue to have loopholes until it converges,
whereas a whitelist implementation is guaranteed safe, with only the
occasional inconvenience when a valid operation is wrongly blocked. When
it comes to memory safety and potential security exploits, it's always
better to err on the safe side.)
T
--
Don't throw out the baby with the bathwater. Use your hands...
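
The blacklist-versus-whitelist argument in the message above can be modelled with a toy checker. This is an added example, not part of the original post and not the D compiler's code; the operation names and both lists are constructed for illustration and do not reflect the actual @safe rules.

```python
from dataclasses import dataclass

# Constructed toy operation kinds; not the D compiler's actual rule set.
KNOWN_UNSAFE = {"pointer_arithmetic", "cast_int_to_pointer", "union_pointer_overlap"}
KNOWN_SAFE = {"integer_add", "bounds_checked_index", "call_safe_function"}


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    blocked_ops: tuple


def check_denylist(ops, denied=KNOWN_UNSAFE):
    """Reject only operations explicitly listed as unsafe (fails open)."""
    blocked = tuple(op for op in ops if op in denied)
    return Verdict(not blocked, blocked)


def check_allowlist(ops, allowed=KNOWN_SAFE):
    """Accept only operations explicitly reviewed as safe (fails closed)."""
    blocked = tuple(op for op in ops if op not in allowed)
    return Verdict(not blocked, blocked)


def compare(ops):
    """Return (denylist verdict, allowlist verdict) for one function body."""
    return check_denylist(ops), check_allowlist(ops)


# Constructed function bodies, each a list of operation kinds.
SAMPLES = {
    "plain": ["integer_add", "bounds_checked_index"],
    "listed_unsafe": ["integer_add", "pointer_arithmetic"],
    # Hypothetical feature nobody has classified: unsafe in reality.
    "unreviewed_unsafe": ["integer_add", "new_feature_raw_memory_view"],
    # Hypothetical feature nobody has classified: safe in reality.
    "unreviewed_safe": ["integer_add", "new_feature_checked_slice"],
}

if __name__ == "__main__":
    for name, ops in SAMPLES.items():
        deny, allow = compare(ops)
        print(f"{name:18} denylist={'ok' if deny.accepted else 'reject':6} "
              f"allowlist={'ok' if allow.accepted else 'reject':6} "
              f"blocked={allow.blocked_ops}")
```

The `unreviewed_unsafe` body passes the denylist check silently, while the allowlist check names the unclassified operation so it can be reviewed and, if safe, added to the list.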