Discussion Thread: DIP 1028--Make @safe the Default--Final Review
H. S. Teoh
hsteoh at quickfur.ath.cx
Fri Apr 3 21:47:56 UTC 2020
On Fri, Apr 03, 2020 at 05:06:28PM -0400, Steven Schveighoffer via Digitalmars-d wrote:
[...]
> extern(C) int free(void *);
>
> void foo(int *ptr) // now inferred @safe
> {
>     free(ptr);
> }
[...]
To drive home the point even more:

    // ----- mymod.d -----
    extern(C) void dealloc(void* p) @system {
        import core.stdc.stdlib : free;
        free(p);
    }

    // ----- main.d -----
    // N.B.: does not import mymod directly
    extern(C) void dealloc(void* p); // assumed @safe by proposed rules
    void main() @safe {
        void* p;
        dealloc(p); // oops
    }

Just because an extern(C) function is written in D, guarantees NOTHING,
because the mangling name does not encode @safety. Notice above that
the prototype is assumed @safe, but this does not match the actual D
implementation, which is @system. However, this will not be caught by
the linker because of extern(C): 'dealloc' will bind to the @system
function even though main() thought it was @safe.
So yes, if this DIP gets implemented as-is, @safe becomes a joke, and we
might as well stop playing now.
T
--
Never trust an operating system you don't have source for! -- Martin Schulze
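
Added example, not part of the original post: a single-file D program that checks at compile time that D-linkage symbols encode @safe while extern(C) symbols do not, and that an explicitly @system prototype is rejected by @safe callers. The module name, the function names dSystem/dSafe/cSystem/cSafe and the in-file definition of dealloc are assumptions made for the illustration.

```d
// Added illustration (constructed for this page, not code from the thread).
// Assumed file name: mangle_demo.d; build with: dmd -run mangle_demo.d
module mangle_demo;

import core.stdc.stdlib : free;
import std.algorithm.searching : canFind;
import std.stdio : writeln;

// D linkage: @safe is encoded in the symbol ("Nf"), so a prototype whose
// attributes differ from the definition names a different symbol and the
// link fails.
void dSystem(void* p) @system {}
void dSafe(void* p) @safe {}
static assert(dSafe.mangleof.canFind("Nf"));
static assert(!dSystem.mangleof.canFind("Nf"));

// C linkage: the symbol is the bare name whatever the attributes, so the
// linker cannot tell a @safe prototype from a @system definition.
extern(C) void cSystem(void* p) @system {}
extern(C) void cSafe(void* p) @safe {}
static assert(cSystem.mangleof == "cSystem");
static assert(cSafe.mangleof == "cSafe");

// Mitigation: write the attribute on every extern(C) prototype instead of
// relying on the default. The definition is placed here only to keep the
// example in one file.
extern(C) void dealloc(void* p) @system { free(p); }

// With the explicit @system, @safe code is refused at compile time ...
static assert(!__traits(compiles, () @safe { void* p; dealloc(p); }));
// ... and the call has to sit in code that is visibly outside @safe.
static assert(__traits(compiles, () @system { void* p; dealloc(p); }));

void main()
{
    writeln("D linkage, @system: ", dSystem.mangleof);
    writeln("D linkage, @safe:   ", dSafe.mangleof);
    writeln("C linkage, @system: ", cSystem.mangleof);
    writeln("C linkage, @safe:   ", cSafe.mangleof);
}
```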