Safety, undefined behavior, @safe, @trusted

Ary Borenszweig ary at esperanto.org.ar
Thu Nov 5 13:19:27 PST 2009


Walter Bright wrote:
> Steven Schveighoffer wrote:
>> If unsafe means you cannot pass pointers to local variables, then half 
>> of tango (and other performance oriented libs which use stack 
>> allocation as much as possible) will fail to compile.
>>
>> My vote is for unsafe as the default.  It's the least intrusive 
>> option, to ensure that current projects still compile.  Then let the 
>> project authors ensure their projects are safe one module/function at 
>> a time.
> 
> I agree. Also, dealing with safeness is something that comes later on as 
> a project scales to a larger size. As such, it's more of a nuisance on a 
> small program than a help.
> 
>> Also keep in mind that @safe annotations for a mostly safe project 
>> will be once at the top of each module.  They won't be "everywhere".
> 
> Right. Adding:
> 
>    @safe:
> 
> at the top will do it.

But that forces a library writer to *always* think about safety. I can 
imagine you implementing this and then 100 bugzilla tickets saying "I 
can't call phobos' function foo in my safe function because it is not 
marked as safe". Then they have to wait for the next release. And the 
same will happen with library writers. I don't want to think about 
safety all the time, just let me code! If something is unsafe I'll mark 
it for you, compiler, no problem, but do you think I'm just some crazy 
unsafe maniac? I program safely.


