Typical security issues in C++: why the GC isn't your enemy

[Siarhei Siamashka]

On Monday, 12 December 2022 at 12:53:42 UTC, Nick Treleaven wrote:
> What about deprecating defining `main` without a 
> @system/@trusted/@safe attribute? Then users have to make a 
> choice. If they choose @safe then anything main calls has to 
> have a safe interface.

This would be a step in the right direction. But modules don't 
have `main`. And it's not ergonomic:
```D
void bar() {
}
void foo() {
   bar();
}
void main() @safe {
   foo();
}
```
The user will first get a complaint about annotating "foo". And 
after this is done, there will be a complaint about "bar" and so 
on. Many people will be very much annoyed after a few minutes of 
such activity. This can be alternatively resolved by adding 
`@safe:` at the top of the file, but the compiler needs to give a 
clear hint about this. If this is not done, then many beginners 
won't be happy and some of them will quit right from the start.

> I almost never use `@safe:` because it prevents @safe attribute 
> inference.

Why is this a problem?

> Of course, if D can encourage/default to using @safe that may 
> make the language more popular by helping market it.

D has very effective marketing. It's very good at attracting 
attention because the advertisements are spread everywhere in 
wikipedia, hackernews and other places. I think that the majority 
of software developers (excluding the youngsters) already know 
that D language exists and already gave it a try at some point in 
the past. But making a good first impression and then managing 
not to betray expectations is another story.

Default @safe can prevent beginners from feeling stabbed in the 
back if they came looking for a safe language, only to be 
surprised by an unexpected out of bounds bug in a -release build. 
It's like "LOL, are you kidding?" discovery. And not everyone is 
particularly enthusiastic about registering in the forum to ask 
questions.