C is Brittle D is Plastic

Quirin Schroll qs.il.paperinik at gmail.com
Mon Apr 13 09:56:19 UTC 2026 

On Friday, 3 April 2026 at 14:58:52 UTC, Kapendev wrote:
> On Friday, 3 April 2026 at 14:51:00 UTC, Kapendev wrote:
>> It should be the other way around if that ever becomes a 
>> thing. The defaults being safe with a zero at the end and the 
>> unsafe version requiring an explicit symbol thing.
>
> Also imagine the confusion when people read old comments saying 
> that D string literals are zero terminated, and now they are 
> not.

If we apply that standard, Editions aren’t worth it. Almost every 
property of the D language has been talked about.

Maybe you missed it, but I wrote that if the literal is assigned 
to a char-type pointer, the NUL should be added. It’s not 
technically needed for safety because if you read over the 
buffer, that’s a you problem, but we should try to make C code 
that’s syntactically correct work correctly.

However, if you assign a string literal to a slice type first and 
later derive a pointer, that’s already `@system`. It has to be 
because you can’t know if the pointer can be dereferenced. A 
valid, non-null pointer that can’t be dereferenced is the 
one-past-the-end pointer of an array.

```d
void main() @safe
{
     const char* p = "abc"; // okay, @safe

     string s = "abc";
     const char* q = s.ptr; // error, @system operation in @safe 
function
}
```

Essentially, if you `array.ptr` you say: I know what I’m doing. 
And if you don’t that’s on you. Moving to a newer Edition without 
learning what changes it brings, I repeat myself, that’s on you. 
Editions aren’t worth it if we can only add features that don’t 
require the programmer read into them.

If you decide to write `@system` code, you need to actually know 
the language well, and you will be expected to know that Edition 
2027 which added `""z` literals made ordinary literals not NUL 
terminated. `@system` is an expert tool, and if that’s above your 
weight class, you need to step up your game.

If you don’t do C interop yourself, it won’t affect you.

If you do C interop, replacing all your `""` literals by `""z` 
literals is a simple regex replace away plus a linter 
configuration that keeps you from accidentally using `""`. 
However, I don’t think you pass many slice typed things to C 
functions. If you don’t use a linter on a big project, I’d say 
that’s on you as well.

I expected this to be controversial, but not to that degree.

More information about the Digitalmars-d mailing list