dip1000 and preview in combine to cause extra safety errors
Dukc
ajieskola at gmail.com
Wed Jun 8 20:42:14 UTC 2022
On Wednesday, 8 June 2022 at 15:35:56 UTC, Steven Schveighoffer
wrote:
> So silently changing behavior to create new dangling pointers
> with a preview switch is ok?
>
> Remember, there is already code that does this. It's not trying
> to be clever via scope, it's not trying to be `@safe`, it's
> expecting that an array literal is allocated on the GC (as has
> always been the case).
This is one of the reasons why all code should endeavour to be
`@safe` wherever possible. I believe C and C++ code often has
the same problem: accidentally relying on undefined behaviour that
then changes later. D in `@system` or `@trusted` is fundamentally
no different, even if it sometimes tries to make footguns harder
to make.
Alas, I do agree that most of us use `@system` way too much and
thus changes like this always trip us, even when they
theoretically should not. But I can't see a good way to avoid
that. We could in principle try to avoid UB changes until `@safe`
has become more widespread, but since we are people I suspect the
habits don't change before we are kicked often enough :(.
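The point of the reply, shown as an added D example that is not from the thread or from the dmd project: under `-preview=dip1000` an array literal assigned to an explicitly `scope` slice may be placed on the stack rather than the GC heap, so `@system` code that escapes it compiles and dangles, while the identical `@safe` function is rejected at compile time. The `escapeSystem`/`escapeSafe` names and the `ShowError` version tag are this example's own.

```d
// Added example (not from the thread). Build with: dmd -preview=dip1000 example.d
// Assumption: with dip1000, the literal below may be stack-allocated because it
// initialises a `scope` variable, so returning it yields a dangling slice.

int[] escapeSystem() @system
{
    scope int[] a = [1, 2, 3]; // may live in this frame, not on the GC heap
    return a;                  // compiles; caller receives a dangling slice
}

// Same code, but @safe: dip1000 rejects it with a
// "scope variable `a` may not be returned" error (guarded so the file builds).
version (ShowError)
{
    int[] escapeSafe() @safe
    {
        scope int[] a = [1, 2, 3];
        return a;
    }
}

void main() @system
{
    int[] s = escapeSystem();
    // `s` may now refer to dead stack memory; no error was reported anywhere.
    // Compile with -version=ShowError to see the @safe diagnostic instead.
}
```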