DIP1028 - Rationale for accepting as is
Dominikus Dittes Scherkl
dominikus at scherkl.de
Sat May 23 09:13:09 UTC 2020
On Friday, 22 May 2020 at 18:24:39 UTC, Atila Neves wrote:
> memcpy isn't a good example since it's explicitly @system
Yes, it's a good example. Because if you include any C function,
you don't know if it uses memcpy internally - except if you have
the code. And as memcpy is used heavily within C libraries, it's
not unlikely that your "oh so safe" function is using it too.
Very bad advice.
It should be simply forbidden to slap @safe at anything with no
code available, because @save should be reserved for mechanically
verified parts of code.
Ok, you can slap @trusted on it, and it will compile (the easy
way), but anyone using it is at least warned. So it's possible to
check - and if no body is availabe (e.g. an object library) I
would refrain from trusting it.
But I don't want the compiler to greenwash it for me, no thanks.
There should be at least someone on the D side to blame,
destroying his reputation by slapping @trusted at whole modules.
More information about the Digitalmars-d-announce
mailing list