Rationale for accepting DIP 1028 as is
Paul Backus
snarwin at gmail.com
Wed May 27 13:25:51 UTC 2020
On Wednesday, 27 May 2020 at 05:54:32 UTC, Walter Bright wrote:
> On 5/26/2020 1:32 PM, Paul Backus wrote:
>> The reason extern function declarations are particularly
>> problematic is that changing them from @system-by-default to
>> @safe-by-default can cause *silent* breakage in existing,
>> correct code.
>
> Can you post an example of currently compiling and correctly
> working code that will break?
>
> Setting aside use of __traits(compiles, ...).
I am paraphrasing an earlier post of mine in this thread:
https://forum.dlang.org/post/yvcjpcxfyyobqubjrrxv@forum.dlang.org
The breakage is that functions which are currently correctly
considered @system will instead be considered @safe. As a result,
future changes to @safe code are at risk of introducing memory
corruption.
Strictly speaking, the breakage does not occur until those future
changes are made, so it is more accurate to say that changing
un-annotated extern declarations to @safe-by-default will put
existing code *at risk* of silent breakage. Given the prevalence
of such declarations in existing code (e.g. [1]), I think it is
inevitable that this risk will in fact lead to breakage in
practice, so I do not consider the distinction particularly
important to draw in this context.
[1] https://github.com/dlang/druntime/pull/3117
More information about the Digitalmars-d-announce
mailing list