Rationale for accepting DIP 1028 as is
Bastiaan Veelo
Bastiaan at Veelo.net
Tue May 26 20:38:17 UTC 2020
On Tuesday, 26 May 2020 at 16:31:57 UTC, Bruce Carneal wrote:
> Currently a machine checked @safe function calling an
> unannotated extern C routine will error out during compilation.
> This is great as the C routine was not machine checked, and
> generally can not be checked. Post 1028, IIUC, the compilation
> will go through without complaint. This seems quite clear.
> What am I missing?
I agree that being forced to think about a trusted interface to
that routine can contribute to safety. Not getting this is the
price if DIP 1028 as is. Doing it the other way bears a different
price.
Still, it does not change the amount of code that must be vetted
during an audit, either way.
-- Bastiaan.
More information about the Digitalmars-d-announce
mailing list