Shouldn't safety be the default.

Sebastiaan Koppe mail at skoppe.eu
Tue Dec 26 12:00:13 UTC 2023


On Tuesday, 26 December 2023 at 11:32:15 UTC, ryuukk_ wrote:
> https://dlang.org/spec/function.html#safe-functions
>
>
> -No casting from a pointer type to any type with pointers other 
> than void*.
> -No casting from any non-pointer type to a pointer type.
> -No pointer arithmetic (including pointer indexing).
> -Cannot access __gshared variables.
> -No inline assembler.
>
> I hope this never becomes the default

I very much hope it does. It is a lot more economical.

9 out of 10 projects only need the features you mentioned 
sparingly. It is less effort to mark those places `@trusted` than 
the situation we are in now, where you need to sprinkle `@safe` 
almost everywhere.

Another way to look at it is that the features you mentioned are 
almost always used exclusively in low level code that best sits 
behind an abstraction. If trusted is the default you need to mark 
anything using it `@safe`, but if safe is the default you only 
need to mark a few reusable low level pieces of code `@trusted`.
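
The arrangement described in the message above, as an added example that is not part of the original post: one reviewed low-level helper is marked `@trusted` and everything that calls it stays `@safe`. The names `copyInto`, `header` and `input` are hypothetical, and the sample bytes are constructed.

```d
import core.stdc.string : memcpy;
import std.stdio : writeln;

// Low-level piece: memcpy is a @system C function and .ptr is not
// available in @safe code, so this wrapper is marked @trusted after
// manual review. It takes slices, not raw pointers, and checks the
// lengths itself, so no caller can make it write out of bounds.
void copyInto(ubyte[] dst, const(ubyte)[] src) @trusted
{
    if (src.length > dst.length)
        throw new Exception("source does not fit into destination");
    if (src.length == 0)
        return; // avoid passing a possibly null .ptr to memcpy
    memcpy(dst.ptr, src.ptr, src.length);
}

// Application code: compiler-checked, no annotation needed on the
// call site beyond the function's own @safe.
void main() @safe
{
    const(ubyte)[] input = [0xDE, 0xAD, 0xBE, 0xEF, 0x00]; // constructed sample
    auto header = new ubyte[4];

    copyInto(header, input[0 .. 4]); // slicing is bounds-checked
    writeln(header);                 // [222, 173, 190, 239]

    // Each of these is rejected by the compiler inside @safe code
    // (see the list quoted in the message):
    // memcpy(header.ptr, input.ptr, 4);  // .ptr and a @system call
    // auto p = cast(int*) 0x1000;        // non-pointer to pointer cast
    // auto q = &header[0] + 1;           // pointer arithmetic
}
```

A `@trusted` function is only sound if its interface is safe for every possible argument; a helper taking a raw pointer and a length would move the unchecked assumption into the `@safe` caller.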

