On Borrow Checking

[Dukc]

On Saturday, 3 May 2025 at 19:22:20 UTC, Walter Bright wrote:
> You add:
>
> ```
> @live:
> ```
>
> at the beginning of your modules.

I would never seriously consider this.

It would mean I have to make _all_ my `@safe` code `@live` before 
I can begin using the `@trusted` version of `free` without it 
being safewashing.

And thereafter I could never use any third party 
`@safe`/`@trusted` code that isn't verified to be `@live` 
correct. This includes Phobos.

Just dropping to `@system`/`@trusted` when doing manual memory 
management is far more practical regardless of the use case.

>
> Because it is opt-in with D rather than opt-out in Rust, does 
> not alter the fact that D has a borrow checker.

Most certainly we don't want to force existing `@safe` D code to 
adapt `@live` rules. Not even over an edition switch. In that 
you're right.

But ironically, our opt-out borrow checker does exactly this in a 
practical sense. Like I wrote above, you can only depend on 
`@live` for `@safe`ty if you use it everywhere. This is the worst 
of both worlds: not only do I have to make all my `@safe` code to 
use the borrow checker (as in Rust), I must _manually_ make sure 
I don't have any non-`@live` `@safe` code around, unless I'm 
willing to manually review them like a `@trusted` function.

If the borrow checker is to be of any real use, we need some way 
to check where it is needed. So that code that does manual memory 
management will have to use `@live` (or ditch `@safe`), but your 
regular garbage-collected stuff won't.