DIP 1028---Make @safe the Default---Community Review Round 1

bachmeier no at spam.net
Thu Jan 2 15:25:15 UTC 2020

On Thursday, 2 January 2020 at 13:49:43 UTC, jmh530 wrote:
> On Thursday, 2 January 2020 at 12:34:05 UTC, bachmeier wrote:
>> [snip]
>> What compiler do you use? I always get error messages when I 
>> try to call @system functions from @safe code.
>> [snip]
> Nothing prevents you from going function by function to verify 
> if you can make things @trusted or @safe. It would be a big 
> time commitment for legacy code, of course.
> Or, you can just make main @system as well.
> I think what you are really trying to say is more about 
> interacting between legacy code that was @system by default and 
> new code that is @safe by default. But @system code can call 
> @safe code without any problem. So maybe just write the new 
> code as you please, but then make main @system? There is value 
> in this point. I think most people think it will be quite 
> disruptive.

You would have to go through every function in every library you 
call as well. That's not realistic, so the outcome would be a 
programming language where you sometimes have a main function, 
and sometimes you have a @system main function, and sometimes it 
matters if you choose one or the other, and sometimes it doesn't. 
Surely there has to be a better way.

I don't find it helpful to say everything is @system now. That 
might be true, but it's possible to write @trusted functions 
right now without attaching the hideous attribute to your 
function. It's much better to be able to declare that a file 
contains legacy code and treat everything in that file as 
@trusted. If you have to add @system to main, that's not only a 
horrible design, it also defeats the purpose of @safe as the 
default. If at all possible, this should be handled in such a way 
that you can continue using code already written, but that 
disappears as code gets written for @safe by default. The 
solutions I've seen in this thread are the equivalent of using a 
chain saw to remove a sliver, and while that would get the job 
done, it would be worse than no change and also completely 

Just to be clear: my proposal is that you add @legacy at the top 
of a file and everything in there will be @trusted if it's not 
marked otherwise. If you want compiler errors, don't do anything 
and the compiler will tell you which functions are not compatible 
with @safe. You can then mark them @trusted or @system or mark 
main as @system if you want. But let's not force that crazy 
solution on everyone.

More information about the Digitalmars-d mailing list