On Tuesday, 15 November 2022 at 13:01:39 UTC, Siarhei Siamashka
wrote:
Well, there's another way to look at it:
https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html
('Unsafe Rust exists because, by nature, static analysis is
conservative. When the compiler tries to determine whether or
not code upholds the guarantees, it’s better for it to reject
some valid programs than to accept some invalid programs.
Although the code might be okay, **if the Rust compiler doesn’t
have enough information to be confident, it will reject the
code**. In these cases, you can use unsafe code to tell the
compiler, “Trust me, I know what I’m doing.”')
Are you saying that the D safety model is different? In the
sense that if the D compiler doesn’t have enough information to
be confident, it will accept the code?
D's safety model is the same. In `@safe` code, D will reject
anything that the compiler cannot say for sure is memory safe.
However, unlike in Rust, `@safe` is not the default in D, so you
must mark your code as `@safe` manually if you want to benefit
from these checks.
