On Wed, 27 Dec 2017 08:36:13 +0000, codephantom wrote: > btw. I'd like to see D 3.x introduce a breaking change and make @safe > the default, instead of @system. I think that would be huge boost for D > going forward. > > How practical that is, I would have no idea. > > But as an 'end user' of D, I would prefer to have to explicitely mark > code as @system, rather than have to explicitely mark code as @safe, and > therefore having to find tools that help me check whether I 'forgot' to > do that.
I used to agree. For people that use @safe religiously, a tool could easily fix the breakage (it's just a toggle), and for most others the tool could still fix everything, though with a little more work. But it's so easy to do this now without breaking anything. ``` module mymodule; @safe: @system class ABC { int func(int* p, size_t len) { return p[0] + p[1]; } } string thisIsSafe() { return "Yay!"; } ``` I actually like requiring the explicit @safe at the module declaration now; it tells other programmers "I intend this module to be memory-@safe"; you just need a quick grep for @system and @trusted to find exceptions. Sure, that expression of intention wouldn't be necessary if it were default, but I don't really see the benefit in changing it now. People who care will add the attribute, people that don't care, won't; knowing the programmer's intention can be useful, too.