D not considered memory safe (page 3)

On 7/5/2024 12:42 PM, Steven Schveighoffer wrote: > Yes, I'm aware. I purposely did not apply `@safe`. D is not a memory safe language, you have to request it. D is memory safe if you type in "safe:" and use the gc. https://dlang.org/spec/memory-safe-d.html

On Saturday, 6 July 2024 at 00:21:32 UTC, Walter Bright wrote: > On 7/5/2024 12:42 PM, Steven Schveighoffer wrote: >> Yes, I'm aware. I purposely did not apply `@safe`. D is not a memory safe language, you have to request it. > > D is memory safe if you type in "safe:" and use the gc. > > https://dlang.org/spec/memory-safe-d.html Seriously? Any language is safe in this case, you just need to write safe code.

On Saturday, 6 July 2024 at 11:07:32 UTC, Sebastian Nibisz wrote: > On Saturday, 6 July 2024 at 00:21:32 UTC, Walter Bright wrote: >> On 7/5/2024 12:42 PM, Steven Schveighoffer wrote: >>> Yes, I'm aware. I purposely did not apply `@safe`. D is not a memory safe language, you have to request it. >> >> D is memory safe if you type in "safe:" and use the gc. >> >> https://dlang.org/spec/memory-safe-d.html > > Seriously? Any language is safe in this case, you just need to write safe code. To say something "doesn't have safety tuned on by default" vs "something is unsafe" communicates two different meanings. From another angle, would you choose "less freedom but more security" or "more freedom but less security"? You can't have both. D is a very safe non-strict modern language. It allows you to shoot yourself in the foot or gives you more freedom and control. D however does a much better job at preventing you from shooting your foot even without strict safety turned on by default. This argument in my opinion is more about strict vs non-strict (by default) because you can have strict safety by default in D of you want it.

July 06

Re: D not considered memory safe

Posted by Jonathan M Davis
in reply to Sebastian Nibisz

Permalink

Jonathan M Davis

Posted in reply to Sebastian Nibisz

Permalink

On Saturday, July 6, 2024 5:07:32 AM MDT Sebastian Nibisz via Digitalmars-d wrote:
> On Saturday, 6 July 2024 at 00:21:32 UTC, Walter Bright wrote:
> > On 7/5/2024 12:42 PM, Steven Schveighoffer wrote:
> >> Yes, I'm aware. I purposely did not apply `@safe`. D is not a memory safe language, you have to request it.
> >
> > D is memory safe if you type in "safe:" and use the gc.
> >
> > https://dlang.org/spec/memory-safe-d.html
>
> Seriously? Any language is safe in this case, you just need to write safe code.

The point is that D provides checks for memory safety if you choose to enable them. It requires using @safe to explicitly say that you want a piece of code to have those checks done, so the checks are not on by default, but it _does_ provide such checks, whereas a language like C/C++ does not. D has also been designed in a way to try to eliminate a lot of the undefined and unsafe behaviors that you have to be careful to avoid in C/C++. Barring compiler bugs or the programmer screwing up with @trusted, @safe code in D is guaranteed to be memory safe, whereas in C/C++, the language is not designed to avoid memory safety issues, and it's entirely up to the programmer to use the language in a way that doesn't have memory safety problems.

Making @safe the default for D would have the benefit of making it so that you get those memory safety checks by default, but it doesn't actually make the language itself safer. It has the same tools either way.

- Jonathan M Davis

On Saturday, 6 July 2024 at 14:56:27 UTC, aberba wrote: > To say something "doesn't have safety tuned on by default" vs "something is unsafe" communicates two different meanings. Is a car that has airbags deactivated by default before each drive safe?

On 7/6/2024 4:07 AM, Sebastian Nibisz wrote: > Seriously? Any language is safe in this case, you just need to write safe code. Enabling the checks is quite different from writing code with no bugs in it.

On Saturday, 6 July 2024 at 22:48:32 UTC, Sebastian Nibisz wrote:

On Saturday, 6 July 2024 at 14:56:27 UTC, aberba wrote:

To say something "doesn't have safety tuned on by default" vs "something is unsafe" communicates two different meanings.

Is a car that has airbags deactivated by default before each drive safe?

Typing @safe: is not a big deal. Turning on safe automatically requires anyone working with C code or otherwise writing unsafe code to turn it off. To use the airbag analogy, there are people for whom airbags are unsafe so they are disabled. Whether that is the right choice depends on the costs and benefits of doing so. What you can't say is that air bags should always be turned on or off in every car because that's safer for you.

On Saturday, 6 July 2024 at 23:10:02 UTC, Walter Bright wrote: > On 7/6/2024 4:07 AM, Sebastian Nibisz wrote: >> Seriously? Any language is safe in this case, you just need to write safe code. > > Enabling the checks is quite different from writing code with no bugs in it. But you have to remember to enable it. Inexperienced programmer usually won't do this and will build unsafe code unconsciously.

Forums