Rationale for accepting DIP 1028 as is
Bruce Carneal
bcarneal at gmail.com
Tue May 26 16:49:33 UTC 2020
On Tuesday, 26 May 2020 at 16:20:23 UTC, Atila Neves wrote:
> On Tuesday, 26 May 2020 at 16:10:24 UTC, Bruce Carneal wrote:
>> On Tuesday, 26 May 2020 at 15:54:31 UTC, Bastiaan Veelo wrote:
>>> On Tuesday, 26 May 2020 at 15:39:11 UTC, Bruce Carneal wrote:
>>>> [...]
>>>
>>> The compiler does not and cannot check inside @trusted.
>>> Whether or not one requires extern(C[++]) to be behind or
>>> within @trusted does not change what the compiler can or
>>> cannot check.j
>>
>> Completely agree but my above says nothing about @trusted.
>>
>>>
>>>> [...]
>>>
>>> The amount of code that requires human auditing remains the
>>> same. What matters is how to find that code, and how to
>>> maintain the validity of the audits.
>>
>> Another distinction: pre 1028 your compilation will error out.
>> Post 1028 it will not.
>
> Quite the opposite. Most code out there isn't marked as
> @safe/@trusted/@system. If I add a dub dependency and don't
> bother with @safe, I can call anything, in any way. Post
> 1028... nope. Unmarked @system function definitions themselves
> won't compile.
I think I see the difficulty. We both support 1028's elimination
of the "I can call anything, in any way" default. I really like
@safe by default for machine checkable code. I don't support
@safe by default for extern C.
More information about the Digitalmars-d-announce
mailing list