D not considered memory safe

Walter Bright newshound2 at digitalmars.com
Thu Jul 25 18:14:23 UTC 2024


I understand where you're coming from with this. Your proposal has advantages. 
I'm not sure I can sell that, though.

Going from 3 safety attributes to 4 attributes is just going to confuse people. 
There's no simple, obvious rule saying what checks will be on, and which will be 
off. Calling unsafe functions? accessing mutable globals? pointer casting? C 
strings? unions? All of these are difficulties I face with converting the 
compiler source code, and they don't have simple answers. Nobody is going to 
remember which checks are turned on by the 4th attribute and which are disabled.

Rust has only one -- unsafe -- but converting code to Rust is a massive 
undertaking, one that requires redesigning the algorithms and data structures. 
It's such an undertaking that when one manages to do it, it gets a Hacker News 
article. I'm impressed that Rust managed to sell that. I've been told 
anecdotally that Rust developers often just slap 'unsafe' everywhere and get 
their project working. Does that mean Rust is a safewashed fraud of a language?

@trusted turns off safety checks. That's all it does. How it is used is up to 
the programmer, and always will be.

