Discussion Thread: DIP 1028--Make @safe the Default--Final Review

[Steven Schveighoffer]

In response to Walter's response to ag*, I would say that there is a 
fatal problem with automatically allowing extern(C) function prototypes 
(and really, anything that does not mangle @safe) to be default @safe.

The reason is simple -- the change is silent and automatically marks 
everything @safe that has not been checked.

I would argue that if the compiler is going to make things @safe by 
default, then things that are not marked and are not @safe should not 
compile AT ALL COSTS. Otherwise the value of @safe is completely lost.

The DIP should be rejected IMO unless all functions with no mechanism to 
mangle @safe into the name (e.g. extern(C), extern(C++), etc) that have 
no implementation are either:

a) required to be marked, or
b) default @system.

Everything else in the DIP is possibly annoying to deal with but at 
least doesn't silently destroy the meaning of @safe.

I will note that I support the notion of @safe by default. I would be in 
favor of the DIP as long as this fatal flaw is not included.

-Steve