D not considered memory safe
Dennis
dkorpel at gmail.com
Fri Jul 19 19:43:55 UTC 2024
On Friday, 19 July 2024 at 18:19:38 UTC, Walter Bright wrote:
> In my experience with large, complex programs, cyclical program
> flow, that is not practical. I wish it was practical.
I assume you're mostly referring to dmd. I've also been
incrementally improving dmd's own safety over the years, but by
working bottom up, without marking functions with unsafe
interfaces `@trusted`. How do the strategies compare? One
approximation would be to simply count additions / deletions of
`@safe`, `@system` and `@trusted` in our commits over the last 5
years:
```
From me:
@safe: +1048 -245
@trusted: +109 -181
@system: +166 -302
From you:
@safe: +315 -142
@trusted: +1331 -46
@system: +242 -14
```
(Generated by
https://gist.github.com/dkorpel/666aa59e0b910713f614382f563e89b4
and dmd-master today)
Take these numbers with a grain of salt: this doesn't analyze the
scope and actual impact of those attributes of course. However,
it's hard to believe mass-applying `@trusted` on functions is
'the only practical way'.
In my experience, the main obstacles of a `@safe` dmd are
abundant use of `__gshared` and C-strings. That's why I
appreciate your pull requests where you refactor globals into
parameters, those improve the `@safe` situation for real. The DIP
idea to make printf's interface `@safe` is also a step in the
right direction because `error()` calls are everywhere. (though
with the bootstrap compiler situation, its usefulness looks very
far away).
More information about the Digitalmars-d
mailing list