Walter Bright wrote:
BCS wrote:
I think (and it would seem Walter does as well) the answer here is to
trust the programer, but only when they ask to be trusted. Make it so
they have to explicitly do something (like do a cast) to get out of
the safe feature set. Then try and set up social construct to prevent
them, when possible, from needing to do the unsafe thing.
Essentially, correct. My preference is to try to make the easy way the
safe and correct way, and the cowboy approach to be possible, but
require deliberate effort to employ, and there to be clear indications
in the code that a cowboy approach is being used.
For example (back to aircraft!), dust covers and other things that are
handy to stick on the aircraft while on the ground, but would screw
things up while in flight, have long red streamers attached. This makes
it easy & quick to scan for any (literally) red flags before takeoff.
We still have a problem with casting, I think. There are still too many
places where it is required. Most of the time they are pretty harmless,
but unfortunately cast() can also be used to do some really nasty stuff.
eg,
int a = cast(int)b;
If b is 'uint', that's fine. But if b is immutable, or an object, that's
a disgusting bit of code. And you can't whether it's harmless or a
capital offence without looking at the definition of b. Another example
of long-distance coupling.
