dip1000 and preview in combine to cause extra safety errors
Adrian Matoga
dlang.spam at matoga.info
Thu Jun 9 07:59:42 UTC 2022
On Thursday, 9 June 2022 at 06:53:55 UTC, Walter Bright wrote:
> The point of @safe by default for C declarations was:
>
> 1. so that we would not be deluged with complaints about
> breaking existing code
>
> 2. so people would use it
>
> What people *will* do with C unsafe by default is:
>
> 1. slap `@trusted:` at the beginning and go on their merry way,
> and nothing was accomplished except annoying people
Still, slapping @trusted is explicit and greppable, and so can
get flagged by a simple script even before reviewed by a human.
Also, once ImportC becomes the default way of interfacing to C
APIs, their memory safety attributes are under compiler control
and circumventing that would require extra effort.
More information about the Digitalmars-d
mailing list