Discussion Thread: DIP 1028--Make @safe the Default--Final Review

[H. S. Teoh]

On Sun, Apr 12, 2020 at 05:49:34AM -0600, Jonathan M Davis via Digitalmars-d wrote:
[...]
> On Saturday, April 11, 2020 1:30:26 AM MDT Walter Bright via Digitalmars-d
> wrote:
[...]
> > 1. it's a special case inconsistency, which has its own costs and
> > confusion.
> 
> What this DIP proposes will cause even more confusion, and the
> "special case" here should be incredibly clear. The compiler cannot
> treat _anything_ as @safe unless it can mechanically verify that it's
> @safe, or the programmer has marked it as @trusted, indicating that
> _they_ have verified it. And thus, as the compiler cannot determine
> that a non-extern(D) declaration is memory safe, it cannot treat it as
> @safe. To do anything else actually makes @safe harder to understand,
> not easier.
[...]

Yes, I think a reasonable compromise is "D vs. non-D". I.e., if it's
extern(D), then the D-specific defaults apply: @safe, nothrow, etc.. But
if it's non-D, then pessimal defaults apply: @system, throwing, etc.,
and it's up to the programmer to override it if it's otherwise.

Blindly assuming @safe (and nothrow, etc.) apply to non-D declarations
by default makes no sense: you can't assume D-specific things apply to
any other language. It will make @safe essentially nothing more than lip
service and programming by convention, and destroy whatever remnants of
actual safety guarantees it may have had.


T

-- 
Bare foot: (n.) A device for locating thumb tacks on the floor.