by jvillasante 831 days ago
While other communities are already taking direct steps towards safety, the C++ community is still trying to define what safety means. I think it's funny and sad at the same time!

I didn't read the article (just browsed it), but here's the TLDR from the article itself:

```
tl;dr: I don’t want C++ to limit what I can express efficiently. I just want C++ to let me enforce our already-well-known safety rules and best practices by default, and make me opt out explicitly if that’s what I want. Then I can still use fully modern C++… just nicer.
```

As is normal in C++, the defaults are wrong. Developers should "opt in" for unsafe instead of "opt out" of it!

2 comments

> Developers should "opt in" for unsafe instead of "opt out" of it!

Why? C++'s guiding principle is zero-cost abstractions.

It's "zero cost abstractions over what you would write by hand". If you argue that anyone doing array access should be doing bounds checks when in doubt, a C++ compiler performing bounds checks would still be considered zero(additional)-cost.
Well, when you are not in doubt you don't want unnecessary bounds checks.
If you can communicate to a human that a bounds check isn't necessary, you can communicate it to a compiler.
I'm all for better tools to help the compiler figure things out. Here is an example where I can't communicate the invariants to the compiler:

```
std::vector<int> v;
...
v.push_back(2);
std::sort(v.begin(), v.end());
// no need to check i < size because we know we will find value 2 somewhere in the v.
for (int i = 0; i < v.size(); ++i) {
    if (v[i] == 2) return i;
}
```

Note that in C++ you can manually mark code after the loop as unreachable, which would indeed skip the size check. But that's as bad as not checking bounds in the first place.
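The trade-off in the comment above, as an added example that is not part of the thread or any commenter's code: the same sentinel search written once with checked access as the default and once as an explicit unchecked opt-out. The function names and the sample vectors are constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <vector>

// Builds the vector from the comment: arbitrary contents, then 2 is appended
// and everything is sorted, so "2 is present" holds by construction.
std::vector<int> make_sorted_with_two(std::vector<int> v) {
    v.push_back(2);
    std::sort(v.begin(), v.end());
    return v;
}

// Safe default: the loop has no bound of its own, but every access goes
// through at(). If the invariant is ever broken, the walk ends in
// std::out_of_range instead of reading past the end of the buffer.
std::size_t find_checked(const std::vector<int>& v, int value) {
    for (std::size_t i = 0;; ++i) {
        if (v.at(i) == value) return i;
    }
}

// Explicit opt-out: the same loop with operator[], which does no checking.
// Correct only while the caller guarantees `value` is in `v`; otherwise the
// behaviour is undefined.
std::size_t find_unchecked(const std::vector<int>& v, int value) {
    for (std::size_t i = 0;; ++i) {
        if (v[i] == value) return i;
    }
}

// Returns true when a broken invariant surfaces as an exception.
bool broken_invariant_is_caught() {
    const std::vector<int> no_two = {1, 3, 5};  // constructed input, 2 absent
    try {
        find_checked(no_two, 2);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}
```

Both functions return the same index while the invariant holds; only the checked one has defined behaviour once a later edit removes the `push_back(2)`.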

No...
> As is normal in C++, the defaults are wrong. Developers should "opt in" for unsafe instead of "opt out" of it!

Isn't this exactly what he is saying?