DIP1028 - Rationale for accepting as is
Atila Neves
atila.neves at gmail.com
Fri May 22 18:24:39 UTC 2020
On Friday, 22 May 2020 at 18:11:28 UTC, ag0aep6g wrote:
> So the DIP itself wasn't good enough to convince you.
Had that been the case, I would have rejected it.
> Your reasoning is fine when you're dealing with a function that
> has a safe interface. I.e., it can only corrupt your code when
> it's buggy. Then it makes sense to say "I trust the authors". D
> users do it with Phobos. Phobos authors do it with the C
> standard library. This kind of trust is perfectly ok.
> Your reasoning is completely wrong when you're thinking about a
> function that doesn't have a safe interface. E.g., C's `memcpy`
> just isn't safe.
memcpy isn't a good example since it's explicitly @system:
https://dlang.org/phobos/core_stdc_string.html#.memcpy
> It doesn't matter whether you trust the authors or not. The
> user has to make sure that the call is correct. Otherwise,
> `memcpy` will corrupt your memory. And `memcpy` is far from the
> only such function.
Yes. But most of them aren't like memcpy. Most D code calls other
D code, not C.
Am I saying nothing bad can happen if we implicitly trust
extern(C) declarations? No. I'm saying we'll be no worse off if
they're all implicitly @system.
This compiles with no warnings right *now*:
void main() {
    import core.stdc.stdlib: free;
    free(cast(void*) 42);
    free(new int);
    free(&main);
}