D not considered memory safe
Walter Bright
newshound2 at digitalmars.com
Thu Jul 25 18:14:23 UTC 2024
I understand where you're coming from with this. Your proposal has advantages.
I'm not sure I can sell that, though.
Going from 3 safety attributes to 4 attributes is just going to confuse people.
There's no simple, obvious rule saying what checks will be on, and which will be
off. Calling unsafe functions? accessing mutable globals? pointer casting? C
strings? unions? All of these are difficulties I face with converting the
compiler source code, and they don't have simple answers. Nobody is going to
remember which checks are turned on by the 4th attribute and which are disabled.
Rust has only one -- unsafe -- but converting code to Rust is a massive
undertaking, one that requires redesigning the algorithms and data structures.
It's such an undertaking that when one manages to do it, it gets a Hackernews
article. I'm impressed that Rust managed to sell that. I've been told
anecdotally that Rust developers often just slap 'unsafe' everywhere and get
their project working. Does that mean Rust is a safewashed fraud of a language?
@trusted turns off safety checks. That's all it does. How it is used is up to
the programmer, and always will be.
More information about the Digitalmars-d
mailing list