Bug 13838 – @safe by default

Languages like Rust show us how important memory safety is today, and the planned DIP69 works for @safe code, this means now in D it becomes more important to use @safe functions in most cases. There are still some cases where you can't use @safe even if they should be safe, some of them are shown here, but Phobos/druntime is getting better, and they will decrease: void main() @safe { import std.stdio, std.algorithm, std.bigint, std.typecons, std.array; [1, 2].sort!("a < b", SwapStrategy.stable); auto r = [1, 2].sort().release; writeln; BigInt a; a = a + a; alias Foo = Tuple!int; Foo[] data; data.remove!(x => x == Foo()); int[] b; auto c = b.capacity; b.schwartzSort!(x => x); const r2 = cartesianProduct([1], [1]).array; [Typedef!int(1)].array; } So perhaps it's a good idea to have @safe functions by default. This is how it could be done: Step 1) Introduce a "-safe" compiler switch that gives a warning where a function unmarked with @system/@trusted calls a @system/@trusted function or performs memory-unsafe operations. This will help D developers improve Phobos. Step 2) The functions defined above generate a warning if the -wi/-w switches are used (even if no -safe switch is used). Step 3) The functions defined above generate a deprecation message (even if no -safe switch is used). The compiler -safe switch is still allowed, but it's not documented in the options help message of the compiler. Step 4) The functions defined above give an error, and the -safe switch is removed from the compiler (it's not recognized any more). See also Issue 12941

This has been discussed many times on the forums and I can say with 99% certainty that this will never happen with D2. It's just too large a breaking change that would throw out literally all legacy code. If D3 ever happens, then maybe.