D not considered memory safe

[Dukc]

Walter Bright kirjoitti 15.7.2024 klo 21.20:
> On 7/11/2024 3:18 AM, Timon Gehr wrote:
>> If even the main language designer advocates for randomly sprinkling 
>> `@trusted` to shut up the compiler, there is no hope for memory safe D.
> 
> The only way to do a conversion of a large program is to mark them all 
> @trusted and then fix the functions one by one. The remaining @trusted 
> annotations are the TODO list.
> 
> If there's another practical way, I'm not aware of it.

1. Start by doing just what you did: mark something `@safe` that should 
be `@safe` and see what error messages pop up.

2. When the compiler complains you're calling a `@system` function, stop 
and think. If the function you're trying to call is supposed to have a 
safe API, then fine, go and mark it as `@trusted` and add it to todo 
list. But if you are, for instance, calling anything that takes a C 
string as an argument, please don't schlepp `@trusted` on that - that 
would be marking an unsafe API @safe. Use the trusted lambda trick instead.

3. If you had to add trusted lambdas and it annoys you, remove them when 
you're done and instead mark the whole function you were working on as 
`@trusted`.