DIP 1028---Make @safe the Default---Community Review Round 1 (page 16)

On 1/4/20 8:43 PM, NaN wrote: > On Thursday, 2 January 2020 at 09:47:48 UTC, Mike Parker wrote: > > Has anybody looked at performance considerations since @safe mandates bounds checking is left on in release mode? Great question. Presumably we can compile with nobounds for performance sensitive code. IMO this is a reasonable trade-off. Rust leaves bounds checking on always, apparently.

On Monday, 6 January 2020 at 13:18:01 UTC, James Blachly wrote: > On 1/4/20 8:43 PM, NaN wrote: >> On Thursday, 2 January 2020 at 09:47:48 UTC, Mike Parker wrote: >> >> Has anybody looked at performance considerations since @safe mandates bounds checking is left on in release mode? > > Great question. Presumably we can compile with nobounds for performance sensitive code. > IMO this is a reasonable trade-off. Rust leaves bounds checking on always, apparently. Rust, just like most safe systems programming languages provides an escape hatch (which requires unsafe), and also does bounds checking elision via dataflow analysis.

January 07, 2020

Re: DIP 1028---Make @safe the Default---Community Review Round 1

Posted by Manu
in reply to Walter Bright

Permalink

Manu

Posted in reply to Walter Bright

Permalink

On Sat, Jan 4, 2020 at 2:30 PM Walter Bright via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
>
> On 1/3/2020 5:43 AM, Manu wrote:
> > FWIW, I'm not emotional about this, but it seems like a really good
> > opportunity to change @system to @unsafe, since @system appears almost
> > nowhere in existing code (because is default).
> > 'system' is a weird name for 'unsafe'. I've had lots of colleagues
> > tell me they think it doesn't make sense... and I agree. It's a silly
> > name, and defies the industries established terminology for no reason.
> > We have exactly one opportunity to correct this, and this is it.
>
> Andrei and I talked about this for a while before coming up with 'system'. We both felt that calling it 'unsafe' had undeserved negative connotations.

Okay.

Well all feedback I've received is that it fails at the rule of least
surprise. Definitely not intuitive what it means.
I think it may be possible to see and consider the situation
differently when looking from a safe-by-default perspective; today
where 'system' is default, you wouldn't want to advertise the language
as "unsafe by default"... but if safe is default, than 'unsafe' feels
a lot more reasonable for the exceptions. I reckon the change in
default may change your judgement that you describe above.

On Monday, 6 January 2020 at 23:59:28 UTC, Manu wrote: > Well all feedback I've received is that it fails at the rule of least > surprise. The feedback is incomplete. I have disliked "unsafe" since C# and know a few people who do as well. One of C# creators even admitted publicly that "unsafe" was a misnomer.

On Tuesday, 7 January 2020 at 06:24:11 UTC, Max Samukha wrote: > On Monday, 6 January 2020 at 23:59:28 UTC, Manu wrote: > >> Well all feedback I've received is that it fails at the rule of least >> surprise. > > The feedback is incomplete. I have disliked "unsafe" since C# and know a few people who do as well. One of C# creators even admitted publicly that "unsafe" was a misnomer. The very first systems programming language that introduced the concept of unsafe blocks was ESPOL, followed by NEWP for the Burrougs B5500, in 1961. Other idea that they introduced, at the OS level, was that any binary containing unsafe code was tainted and required clearance from the system admin to be executable. 8 years before C was even an idea. Unsafe has a long tradition in safe systems programming languages, and D is one of very few exceptions that has chosen something else.

On Tuesday, 7 January 2020 at 07:14:43 UTC, Paulo Pinto wrote: > The very first systems programming language that introduced the concept of unsafe blocks was ESPOL, followed by NEWP for the Burrougs B5500, in 1961. Thanks for sharing, some fun stuff (Wikipedia): «The original designer of the project was a Texan and soon started to describe the name as the answer to the question, "Is it done yet?". NEWP sounded like a West Texas version of "nope". Once the project was released, the name was "redefined" to stand for "No Executive Washroom Privileges" - a description of the type of person who would likely use the language.» Love how some obscure internal office humour 60 years later makes it into an encyclopedia... :-D

On Tuesday, 7 January 2020 at 07:57:06 UTC, Ola Fosheim Grøstad wrote: > On Tuesday, 7 January 2020 at 07:14:43 UTC, Paulo Pinto wrote: >> The very first systems programming language that introduced the concept of unsafe blocks was ESPOL, followed by NEWP for the Burrougs B5500, in 1961. > > Thanks for sharing, some fun stuff (Wikipedia): > > «The original designer of the project was a Texan and soon started to describe the name as the answer to the question, "Is it done yet?". NEWP sounded like a West Texas version of "nope". Once the project was released, the name was "redefined" to stand for "No Executive Washroom Privileges" - a description of the type of person who would likely use the language.» > > Love how some obscure internal office humour 60 years later makes it into an encyclopedia... > > :-D It is also one of the oldest OS still being developed, nowadays it is known as ClearPath MCP, sold by Unisys, and security is naturally their main selling point.

On Tue, Jan 7, 2020 at 4:25 PM Max Samukha via Digitalmars-d <digitalmars-d@puremagic.com> wrote: > > On Monday, 6 January 2020 at 23:59:28 UTC, Manu wrote: > > > Well all feedback I've received is that it fails at the rule of > > least > > surprise. > > The feedback is incomplete. I have disliked "unsafe" since C# and know a few people who do as well. One of C# creators even admitted publicly that "unsafe" was a misnomer. And 'system' is more logical and self-explanatory? Perhaps you can offer some other suggestions? I think it would have to be unusually compelling to break from industry accepted convention.

On Tuesday, 7 January 2020 at 08:42:07 UTC, Manu wrote: > And 'system' is more logical and self-explanatory? Perhaps you can > offer some other suggestions? Nice piece of rhetoric. I didn't even say anything about "system". No, it is not more logical or self-explanatory (like most identifiers, it is only vaguely hints at the actual semantics). No, I am not going to suggest anything - @system is ok with me. I don't feel too strong against "unsafe" either. > I think it would have to be unusually compelling to break from > industry accepted convention. I don't think there is such thing as "industry accepted convention" with regard to "unsafe".

On Tuesday, 7 January 2020 at 07:14:43 UTC, Paulo Pinto wrote: > The very first systems programming language that introduced the concept of unsafe blocks was ESPOL, followed by NEWP for the Burrougs B5500, in 1961. > > Other idea that they introduced, at the OS level, was that any binary containing unsafe code was tainted and required clearance from the system admin to be executable. > > 8 years before C was even an idea. > > Unsafe has a long tradition in safe systems programming languages, and D is one of very few exceptions that has chosen something else. Interesting. However, I didn't say that C# was the first to introduce the concept or name. I said that I didn't like the name when I first encountered it in C#. Also, you suggest that there is really a tradition, which is arguable.

Forums