Shouldn't safety be the default.

Lance Bachmeier no at spam.net
Tue Dec 26 15:35:55 UTC 2023


On Tuesday, 26 December 2023 at 14:46:45 UTC, Paulo Pinto wrote:
> On Tuesday, 26 December 2023 at 12:39:46 UTC, bachmeier wrote:
>> On Tuesday, 26 December 2023 at 12:00:13 UTC, Sebastiaan Koppe 
>> wrote:
>>
>>> [...]
>>
>> The earlier proposal would have killed D. I no longer recall 
>> the details but it would have been miserable to interoperate 
>> with C code under that proposal. And without C 
>> interoperability, D is dead.
>>
>> All that's needed is a compiler switch rather than breaking 
>> everyone's code. Or an easy way to shut it off. Neither of 
>> those were on the table.
>
> Rust, Go, Swift, C# are doing just fine with the requirement 
> that C interop must be explicitly marked as unsafe.

Aside from the massive amounts of money those languages had to 
start with, the primary use case of Go, Swift, and C# was not 
working with C, and Rust was explicitly written for someone 
wanting safe at all costs.

D's primary selling point for many is interoperability with C and 
otherwise writing unsafe code. Not only would this break almost 
all of my existing code for no benefit, it would break any 
package I want to work with that uses unsafe code (anything on 
code.dlang.org that does anything with a pointer), so then I'm 
having to maintain my own fork of those packages. All the 
documentation and tutorials with even one line of unsafe code are 
suddenly broken.

If D had been safe by default, this would not have been a big 
issue, even for those of us that don't care about safe by 
default. But to force this on us *entirely because you don't want 
to add a -safe switch to the compiler* is completely 
unreasonable. (The compiler switch was off the table, but the way 
you tested out the earlier DIP was by *using a compiler switch*.)

