DIP 1028---Make @safe the Default---Community Review Round 1
no at spam.net
Thu Jan 2 11:10:38 UTC 2020
On Thursday, 2 January 2020 at 09:47:48 UTC, Mike Parker wrote:
> This is the feedback thread for the first round of Community
> Review for DIP 1028, "Make @safe the Default":
> All review-related feedback on and discussion of the DIP should
> occur in this thread. The review period will end at 11:59 PM ET
> on January 16, or when I make a post declaring it complete.
> At the end of Round 1, if further review is deemed necessary,
> the DIP will be scheduled for another round of Community
> Review. Otherwise, it will be queued for the Final Review and
> Formal Assessment.
> Anyone intending to post feedback in this thread is expected to
> be familiar with the reviewer guidelines:
> *Please stay on topic!*
> Thanks in advance to all who participate.
"This will likely break most code that has not already been
annotated with @safe, @trusted, or @system. Fortunately, the
solution is easy, although tedious: annotate functions that
aren't safe with @trusted or @system."
Maybe I'm missing something, but the spec says
"Trusted functions are guaranteed to not exhibit any undefined
behavior if called by a safe function. Furthermore, calls to
trusted functions cannot lead to undefined behavior in @safe code
that is executed afterwards. It is the responsibility of the
programmer to ensure that these guarantees are upheld."
If I want to make my code compile, I'd be forced to declare a
function @trusted *even if it shouldn't be*. In other words, if
we go down this road, @trusted loses its meaning. If I mark it
@system, that doesn't really help, because my code still isn't
going to compile.
Perhaps someone can explain where I'm wrong. If I'm correct, then
it would make more sense to declare at the top of a file that
this is legacy code and thus treated as @trusted unless marked
More information about the Digitalmars-d