DIP 1028---Make @safe the Default---Community Review Round 1
bachmeier
no at spam.net
Thu Jan 2 15:25:15 UTC 2020
On Thursday, 2 January 2020 at 13:49:43 UTC, jmh530 wrote:
> On Thursday, 2 January 2020 at 12:34:05 UTC, bachmeier wrote:
>> [snip]
>>
>> What compiler do you use? I always get error messages when I
>> try to call @system functions from @safe code.
>> [snip]
>
> Nothing prevents you from going function by function to verify
> if you can make things @trusted or @safe. It would be a big
> time commitment for legacy code, of course.
>
> Or, you can just make main @system as well.
>
> I think what you are really trying to say is more about
> interacting between legacy code that was @system by default and
> new code that is @safe by default. But @system code can call
> @safe code without any problem. So maybe just write the new
> code as you please, but then make main @system? There is value
> in this point. I think most people think it will be quite
> disruptive.
You would have to go through every function in every library you
call as well. That's not realistic, so the outcome would be a
programming language where you sometimes have a main function,
and sometimes you have a @system main function, and sometimes it
matters if you choose one or the other, and sometimes it doesn't.
Surely there has to be a better way.
I don't find it helpful to say everything is @system now. That
might be true, but it's possible to write @trusted functions
right now without attaching the hideous attribute to your
function. It's much better to be able to declare that a file
contains legacy code and treat everything in that file as
@trusted. If you have to add @system to main, that's not only a
horrible design, it also defeats the purpose of @safe as the
default. If at all possible, this should be handled in such a way
that you can continue using code already written, but that
disappears as code gets written for @safe by default. The
solutions I've seen in this thread are the equivalent of using a
chain saw to remove a sliver, and while that would get the job
done, it would be worse than no change and also completely
unnecessary.
Just to be clear: my proposal is that you add @legacy at the top
of a file and everything in there will be @trusted if it's not
marked otherwise. If you want compiler errors, don't do anything
and the compiler will tell you which functions are not compatible
with @safe. You can then mark them @trusted or @system or mark
main as @system if you want. But let's not force that crazy
solution on everyone.
More information about the Digitalmars-d
mailing list