On Friday, 27 February 2015 at 14:02:58 UTC, Andrei Alexandrescu
wrote:
Safety is good to have, and the simple litmus test is if you
slap @safe: at the top of all modules and you use no @trusted
(or of course use it correctly), you should have memory safety,
guaranteed.
A feature that is safe except for certain constructs is
undesirable.
It seems like you're agreeing with my general idea of "going the
whole hog".
Generally having a large number of corner cases that require
special language constructs to address is a Bad Sign.
But D inherits C's separate compilation model. All these cool
function and parameter attributes (pure, @safe, return ref, etc.)
could be kept hidden and just used and they would Just Work if D
didn't have to accommodate separation compilation. From my
perspective, the only "Bad Sign" is that D has to navigate the
tradeoff between:
* concise function signatures
* accurate communication between functions
* enabling separate compilation
It's like you have to sacrifice one to get the other two.
Naturally I'm not keen on this, so I rush to see how far
attribute inference for all functions can be taken. Then Dicebot
suggests automated .di file generation with statically verified
matching binaries:
http://forum.dlang.org/post/otejdbgnhmyvbyaxa...@forum.dlang.org
The point is that I don't feel the ominous burden of a Bad Sign
here, because of the inevitability of this conflict.