Shouldn't safety be the default.

Paulo Pinto pjmlp at progtools.org
Tue Dec 26 19:32:56 UTC 2023


On Tuesday, 26 December 2023 at 15:35:55 UTC, Lance Bachmeier 
wrote:
> On Tuesday, 26 December 2023 at 14:46:45 UTC, Paulo Pinto wrote:
>> On Tuesday, 26 December 2023 at 12:39:46 UTC, bachmeier wrote:
>>> On Tuesday, 26 December 2023 at 12:00:13 UTC, Sebastiaan 
>>> Koppe wrote:
>>>
>>>> [...]
>>>
>>> The earlier proposal would have killed D. I no longer recall 
>>> the details but it would have been miserable to interoperate 
>>> with C code under that proposal. And without C 
>>> interoperability, D is dead.
>>>
>>> All that's needed is a compiler switch rather than breaking 
>>> everyone's code. Or an easy way to shut it off. Neither of 
>>> those were on the table.
>>
>> Rust, Go, Swift, C# are doing just fine with the requirement 
>> that C interop must be explicitly marked as unsafe.
>
> Aside from the massive amounts of money those languages had to 
> start with, the primary use case of Go, Swift, and C# was not 
> working with C, and Rust was explicitly written for someone 
> wanting safe at all costs.
>

Cgo has been part of Go since the early days, Swift has been 
designed with interoperability with Objective-C (a C superset), 
and C++ has been supported in .NET since version 1.0 (yet another 
C superset).

> D's primary selling point for many is interoperability with C 
> and otherwise writing unsafe code. Not only would this break 
> almost all of my existing code for no benefit, it would break 
> any package I want to work with that uses unsafe code (anything 
> on code.dlang.org that does anything with a pointer), so then 
> I'm having to maintain my own fork of those packages. All the 
> documentation and tutorials with even one line of unsafe code 
> are suddenly broken.

How is that selling point going on since Andrei's book has been 
published, in terms of D market share versus all newcomers?

>
> If D had been safe by default, this would not have been a big 
> issue, even for those of us that don't care about safe by 
> default. But to force this on us *entirely because you don't 
> want to add a -safe switch to the compiler* is completely 
> unreasonable. (The compiler switch was off the table, but the 
> way you tested out the earlier DIP was by *using a compiler 
> switch*.)

On which forum post am I advocating against a -safe switch?

