D not considered memory safe

Timon Gehr timon.gehr at gmx.ch
Thu Jul 11 10:18:06 UTC 2024


On 7/11/24 07:59, Walter Bright wrote:
> On 7/10/2024 7:33 PM, Richard (Rikki) Andrew Cattermole wrote:
>> The point is, once @safe is the default, that capability goes away 
>> without @infer.
> 
> I understand that.
> 
> First, @system code should be a very small part of a program. If complex 
> things are being done with layers of templates in @system code, I 
> propose that is a badly designed program.
> ...

So? A template library should still work with `@system` lambdas.

> Second, just declare them @trusted until one gets around to a proper 
> refactoring.
> 
> In fact, I've been doing just that. Adding @safe: at the top, and then 
> everything that fails to compile gets marked @trusted. Eventually, 
> refactor the code as time permits.
> 
> No need for Yet Another Attribute.

If even the main language designer advocates for randomly sprinkling 
`@trusted` to shut up the compiler, there is no hope for memory safe D.


More information about the Digitalmars-d mailing list