DIP 1028---Make @safe the Default---Community Review Round 1
Ola Fosheim Grøstad
ola.fosheim.grostad at gmail.com
Fri Jan 3 20:46:00 UTC 2020
On Friday, 3 January 2020 at 19:03:46 UTC, Dennis Cote wrote:
> The code that would be marked @unsafe is only "potentially
> unsafe". In most cases, the code that would be marked as
> @unsafe is bug-free and perfectly safe to execute.
"unsafe" is the de facto terminology for code that isn't type
checked, i.e. verified. "safe" means that it is verified:
type-safety, memory-safety etc.
An unsafe type system is a type system that can be broken if you
make an effort to break it. It is still unsafe if nobody ever
wrote any code that broke it.
Type safety is about providing mechanical guarantees that cannot
be broken no matter what code you write.
> but I don't think @unsafe is a better choice because it implies
> there "is" a problem with the code rather than just saying "be
> cautious".
It tells the compiler that the code is intended to not be type
checked for memory safety, so it is intentionally unsafe (e.g.
unchecked).
Code is not safe until it has been mechanically verified.
This is standard usage of the term safe and unsafe.
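To illustrate the distinction the post draws between "verified" and "merely unchecked" code, here is an added D example (not part of the thread or of DIP 1028). The function names `viewRaw`, `viewChecked` and `sum` are hypothetical; the attributes `@safe`, `@system` and `@trusted` are D's own.

```d
// Added example (not from the thread): the @safe check is a mechanical
// guarantee enforced by the compiler, whereas @system code is simply not
// checked, whether or not it happens to be bug-free today.
import std.stdio;

// @system: the compiler performs no memory-safety verification here.
// The code is correct as written, but nothing prevents a later edit from
// handing it a length that exceeds the buffer behind p.
@system int[] viewRaw(int* p, size_t n)
{
    return p[0 .. n]; // slicing a raw pointer is only permitted in @system code
}

// @trusted: the author vouches that this use of a @system operation is safe
// for every caller. The compiler takes that on faith, so the precondition
// that makes the claim true must be enforced in this function.
@trusted int[] viewChecked(int[] backing, size_t n)
{
    assert(n <= backing.length, "requested view exceeds backing storage");
    return viewRaw(backing.ptr, n);
}

// @safe: the compiler rejects anything it cannot prove memory-safe, so this
// function cannot introduce memory corruption no matter how it is edited.
@safe int sum(int[] a)
{
    int total = 0;
    foreach (x; a)
        total += x;
    // Each of the following lines is rejected at compile time inside @safe:
    //   int* p = &a[0]; return *(p + 1);   // pointer arithmetic is not allowed
    //   return cast(int) viewRaw(null, 1).length; // calling a @system function
    return total;
}

void main()
{
    int[4] buf = [1, 2, 3, 4];
    writeln(sum(viewChecked(buf[], 3)));
}
```

The point of the example is the asymmetry the post describes: `viewRaw` is "unsafe" in the terminology sense even though it has no bug, because the compiler has verified nothing about it, while `sum` is "safe" because any violation would fail to compile. The single `@trusted` boundary is where review effort belongs, since it is the only place a human assertion replaces the compiler's check.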