Discussion Thread: DIP 1028--Make @safe the Default--Final Review
Steven Schveighoffer
schveiguy at gmail.com
Mon Apr 6 12:35:20 UTC 2020
On 4/5/20 10:43 PM, Walter Bright wrote:
> On 4/5/2020 12:22 PM, Timon Gehr wrote:
>> I really doubt that. It's a simple rule. The version that is easiest
>> to implement is you simply disallow extern(C) functions without body
>> to be marked @safe. It's a single `if` statement in an appropriate place.
>
> Famous last words.
>
> Just look at the swamp of misery from "simple" C rules, such as their
> effect on C++ overloading. The quagmire got a lot worse when C++ added
> type inference. I attended a Scott Meyers talk that was a full hour long
> just on the weird special cases forced on C++ due to those simple rules.
> Companies pay Scott a boatload of cash for these lectures.
Is this really your argument? Do we need Scott Meyers to explain such
"esoteric" compiler errors like:
Error: cannot call @system function memcpy from @safe function main.
I think this is not an hour-long talk, but a 10-second talk: "C
functions aren't checked by the D compiler, so they are @system by
default." Done.
I think possibly those folks are going to be much more vulnerable to the
existing rules surrounding @trusted that many of the core D developers
can't seem to get right.
@system by default extern(C) functions are literally the most
understandable and correct part of the whole D @safe/@system/@trusted
system. And you want to remove that. Please reconsider.
-Steve
More information about the Digitalmars-d
mailing list