DIP1028 - Rationale for accepting as is
Walter Bright
newshound2 at digitalmars.com
Sun May 24 03:28:25 UTC 2020

I'd like to emphasize:
1. It is not possible for the compiler to check any declarations where the
implementation is not available. Not in D, not in any language. Declaring a
declaration safe does not make it safe.
2. If un-annotated declarations cause a compile-time error, it is highly likely
the programmer will resort to "greenwashing" - just slapping @safe on it. I've
greenwashed code. Atila has. Bruce Eckel has. We've all done it. Sometimes even
for good reasons.
3. Un-annotated declarations are easily detectable in a code review.
4. Greenwashing is not easily detectable in a code review.
5. Greenwashing doesn't fix anything. The code is not safer. It's an illusion,
not a guarantee.
6. If someone cares to annotate declarations, it means he has at least thought
about it, because he doesn't need to. Hence it's more likely to be correct than
when greenwashed.
7. D should *not* make it worthwhile for people to greenwash code.

It is, in a not-at-all obvious way, safer for C declarations to default to being
safe.