Rationale for accepting DIP 1028 as is

Gregory g.thompson.1892 at gmall.com
Tue May 26 22:47:03 UTC 2020


On Tuesday, 26 May 2020 at 20:32:13 UTC, Paul Backus wrote:
> On Tuesday, 26 May 2020 at 17:50:58 UTC, Gregory wrote:
>> Which will just lead people to put @trusted: at the top of 
>> their code to get it to compile again, with or without 
>> extern(C) being @safe by default. Then someone that uses it as 
>> dependency will mistakenly think it is @safe. What's to stop 
>> this kind of "greenwashing" and why is greenwashing only 
>> important to prevent when talking about extern(C) but every 
>> other code that will break from this change?
>
> The reason extern function declarations are particularly 
> problematic is that changing them from @system-by-default to 
> @safe-by-default can cause *silent* breakage in existing, 
> correct code. By "silent", I mean that there is no message from 
> the compiler warning you that the memory safety of the code has 
> been compromised. It will still compile, and you will only find 
> out that something has gone wrong when you run into memory 
> corruption at run-time.
>
> This undermines the entire purpose of @safe, which is to 
> automatically catch code with potential memory errors at 
> compile time.

Exactly, that's what I think as well. What I'm trying to convey 
is that there's a lot of greenwashing that is going to happen. 
Code doesn't work, slapping @trusted everywhere til it works is 
what people are going to do, it doesn't matter if extern(C) is 
@safe or not. Greenwashing occurs no matter what. It's only 
natural with such a big breaking change with a feature that you 
have to "trust".

Consider this:

Someone is writing code, it's @safe cause it is now the default 
(yay!). They come across unannotated code while searching for an 
answer. They copy paste it into their source, oops, compile error! 
Can't use X in @safe code. Ok, so they annotate it as @system. Oh 
but now their @safe code can't call @system code. So what do they 
do? Annotate it as @trusted without checking it.

If Walter believed greenwashing was actually a problem, then the 
best solution to prevent it would be to not make @safe by 
default. If it's not that serious of a problem that he will push 
through @safe by default, then greenwashing isn't actually a 
problem and extern(C) should remain @system.
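
The two cases argued over in this exchange, shown side by side as an added D example that is not part of either poster's message: a body-less extern(C) prototype treated as @safe (silent breakage) and a @trusted wrapper added only to get past the compiler error (greenwashing). The hand-written prototypes and the names `silentBreakage`, `loudBreakage`, `greenwashed` and `caller` are assumptions for illustration; the explicit `@safe` on the `memset` prototype stands in for what the proposed default would apply.

```d
// Added illustration, not code from the thread. The C prototypes are
// written by hand; nothing is imported from core.stdc.
module demo;

// Current default: an unannotated extern(C) prototype is @system.
extern(C) size_t strlen(const(char)* s);

// What a @safe-by-default prototype amounts to, spelled out explicitly.
// The compiler cannot see the C body, so the attribute is taken on faith.
extern(C) @safe void* memset(void* s, int c, size_t n);

@safe void silentBreakage()
{
    auto buf = new int[4];      // 16 bytes on the GC heap
    // Compiles without any diagnostic because the callee claims @safe,
    // yet the call asks C to write 64 bytes into a 16-byte buffer.
    memset(&buf[0], 0, 64);
}

@safe size_t loudBreakage(const(char)* p)
{
    // With a @system prototype the compiler rejects the call below
    // (a @safe function cannot call a @system function), so the
    // problem is visible at compile time:
    // return strlen(p);
    return 0;
}

// The quick fix described in the message: @trusted added without review.
@trusted size_t greenwashed(const(char)* p)
{
    return strlen(p);   // nothing checks that p is non-null or NUL-terminated
}

@safe size_t caller(const(char)* p)
{
    return greenwashed(p);  // accepted: @safe code may call @trusted code
}

// main stays empty so the program is harmless to run; the point is which
// functions the compiler accepts, not what they do at run time.
void main() {}
```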


More information about the Digitalmars-d-announce mailing list