On Tue, 26 Dec 2017 14:54:14 -0800, Walter Bright wrote: > On 12/26/2017 1:03 AM, Paolo Invernizzi wrote: >> The point is that the presence of one @safe: line in the module can be >> mechanically checked, over one million devs working on a codebase. >> >> The whole point of Walter argumentation is 'mechanically'. > > That's right. C++ is based on faith in the programmer using best > practices. D is not based on faith, it can be automatically checked.
If the programmer opts-in to those checks... it's a +1 for pragmatism but does make marketing the language a bit weird -- one-liners spawn objections to the integrity of the claim (such as a portion of this thread; if there are objections within the community, how much more will we find objections outside it!). When I hear someone talk about a memory-safe language (especially as a major feature), I do think memory-safe by default. The thing is, D does have support for memory-safety by default (bound-checked arrays, etc.), and allows you to opt-in to greater safety guarantees; but that's not what many think of when they think memory-safe (it doesn't really help that every language provides their own, slightly different, definition). And D has faith that programmers using @trusted know what they're doing (for both writing and calling the function). There is no avoiding trust in a useful language.