DIP1028 - Rationale for accepting as is
Gregory
g.thompson.1892 at gmall.com
Wed May 27 12:29:42 UTC 2020
On Wednesday, 27 May 2020 at 10:03:21 UTC, Walter Bright wrote:
>> It's not an acceptable solution for people who require
>> correctness. ZombineDev can't tell an auditor that he relies
>> on D-Scanner to find the problematic spots. I believe it's
>> unavoidable to provide an option to change the default. It
>> could make extern @system or refuse to compile safe code
>> calling @safe extern.
>
> People who require correctness are going to have to manually
> audit each and every C declaration regardless. There's no way
> around it. A less strict auditor would focus his attention on
> un-annotated declarations and assume that annotated ones are
> annotated correctly.
A less strict auditor wouldn't have to look at un-annotated
extern(C) functions if they were @system by default. It's more
work for them to ensure they are actually @safe. The majority
will be un-annotated if you leave it as @safe.
More information about the Digitalmars-d-announce
mailing list