Discussion Thread: DIP 1028--Make @safe the Default--Final Review

H. S. Teoh hsteoh at quickfur.ath.cx
Fri Apr 3 21:47:56 UTC 2020


On Fri, Apr 03, 2020 at 05:06:28PM -0400, Steven Schveighoffer via Digitalmars-d wrote:
[...]
> extern(C) int free(void *);
> 
> void foo(int *ptr) // now inferred @safe
> {
>    free(ptr);
> }
[...]

To drive home the point even more:

	// ----- mymod.d -----
	// Definition: explicitly @system, and genuinely so (it frees memory).
	extern(C) void dealloc(void* p) @system {
		import core.stdc.stdlib : free;
		free(p);
	}


	// ----- main.d -----
	// N.B.: does not import mymod directly
	extern(C) void dealloc(void* p); // assumed @safe by proposed rules
	void main() @safe {
		void* p;
		dealloc(p);	// oops: @safe code calls a @system body via a C symbol
	}

Just because an extern(C) function is written in D guarantees NOTHING,
because the mangled name does not encode @safety.  Notice above that
the prototype is assumed @safe, but this does not match the actual D
implementation, which is @system.  However, this will not be caught by
the linker because of extern(C): 'dealloc' will bind to the @system
function even though main() thought it was @safe.

So yes, if this DIP gets implemented as-is, @safe becomes a joke, and we
might as well stop playing now.


T

-- 
Never trust an operating system you don't have source for! -- Martin Schulze
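As an added illustration (not part of the thread above), the following D program makes the mangling point concrete: with D linkage the @safe attribute is part of the symbol name (the "Nf" marker from the D ABI), so a mismatched prototype cannot link, while with C linkage the attribute is simply dropped from the symbol. The last part shows the usual defence: declare C prototypes @system explicitly and cross into them only through one audited @trusted wrapper. All function names here are made up for the example.

```d
module demo;

import std.algorithm.searching : canFind;
import std.stdio : writeln;

// D linkage: function attributes are encoded in the mangled name.
void d_safe(void* p) @safe;
void d_sys(void* p) @system;

// C linkage: the symbol is just the plain name; attributes are lost.
extern(C) void c_safe(void* p) @safe;
extern(C) void c_sys(void* p) @system;

// "Nf" is the D ABI marker for @safe; @system has no marker at all.
static assert(d_safe.mangleof.canFind("Nf"));   // @safe is visible to the linker
static assert(!d_sys.mangleof.canFind("Nf"));   // @system: no marker
static assert(!c_safe.mangleof.canFind("Nf"));  // extern(C) drops it entirely
static assert(c_safe.mangleof.canFind("c_safe") && c_sys.mangleof.canFind("c_sys"));

// Defence: never let a C prototype's safety be inferred; state @system.
extern(C) void dealloc(void* p) @system
{
	import core.stdc.stdlib : free;
	free(p);
}

// The single, reviewed crossing point from @safe code into the C symbol.
// The audit obligation (p must be null or malloc-owned) lives here only.
void deallocTrusted(void* p) @trusted
{
	dealloc(p);
}

void main() @safe
{
	// dealloc(null);      // error: cannot call @system function from @safe
	deallocTrusted(null);  // compiles: the @trusted wrapper carries the audit
	writeln("D linkage:  ", d_safe.mangleof);
	writeln("C linkage:  ", c_safe.mangleof);
}
```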