Feedback Thread: DIP 1028--Make @safe the Default--Final Review
H. S. Teoh
hsteoh at quickfur.ath.cx
Sat Apr 11 17:14:14 UTC 2020
On Sat, Apr 11, 2020 at 12:30:26AM -0700, Walter Bright via Digitalmars-d wrote:
[...]
> 6. We're just talking about the default. The whole point of @safe
> being the default is that it is far and away the most common case,
> even for C functions.
Huh, what? How on earth are C functions @safe by default?? That makes
absolutely no sense to me.
> 7. A function having different attributes depending on whether or not
> a body is present is surprising behavior
Having a C function like `extern(C) memcpy(void*, void*, size_t)`
default to @safe is even more surprising behaviour.
> 8. annotating "extern(C) void free(void*);" as @safe doesn't make it
> safe, either, again relying on the user
And therefore @safe was a joke to begin with, and we're just wasting
time working on it.
> 9. what do we do with "nothrow" by default? Say this doesn't apply to
> extern(C++) functions? Is anyone going to remember all these special
> cases?
The most sensible solution is that one set of default attributes applies
to D (i.e., extern(D)), and another set of default attributes applies to
everything else (extern(C), extern(C++), extern(whatever_else)).
The D defaults would be @safe, nothrow, pure, whatever else we wish to
default.
The non-D defaults would be @system, throwing, impure ....
Basically, when it's extern(D), we have control over how those
attributes are applied -- we have mechanical checks, etc.. But when
it's extern(another_language), we have no control over other languages
do, and therefore must assume the worst unless the user explicitly
overrides it.
So how about let's agree to this compromise: instead of a whole bunch of
convoluted confusing rules about extern(C) with or without function
bodies, let's just keep it very simple: D vs. non-D. If it's D, we use
D defaults. If it's non-D, we use pessimal defaults. The user is free
to override the defaults where it makes sense.
D vs. non-D. I think that makes it clear, straightforward, and doesn't
completely destroy any last shred of value @safe may have had.
T
--
There are four kinds of lies: lies, damn lies, and statistics.
More information about the Digitalmars-d
mailing list