D not considered memory safe
Timon Gehr
timon.gehr at gmx.ch
Thu Jul 11 10:18:06 UTC 2024
On 7/11/24 07:59, Walter Bright wrote:
> On 7/10/2024 7:33 PM, Richard (Rikki) Andrew Cattermole wrote:
>> The point is, once @safe is the default, that capability goes away
>> without @infer.
>
> I understand that.
>
> First, @system code should be a very small part of a program. If complex
> things are being done with layers of templates in @system code, I
> propose that is a badly designed program.
> ...
So? A template library should still work with `@system` lambdas.
> Second, just declare them @trusted until one gets around to a proper
> refactoring.
>
> In fact, I've been doing just that. Adding @safe: at the top, and then
> everything that fails to compile gets marked @trusted. Eventually,
> refactor the code as time permits.
>
> No need for Yet Another Attribute.
If even the main language designer advocates for randomly sprinkling
`@trusted` to shut up the compiler, there is no hope for memory safe D.
More information about the Digitalmars-d
mailing list