DIP1028 - Rationale for accepting as is
Paul Backus
snarwin at gmail.com
Sun May 24 16:44:01 UTC 2020
On Sunday, 24 May 2020 at 03:28:25 UTC, Walter Bright wrote:
> I'd like to emphasize:
>
> 1. It is not possible for the compiler to check any
> declarations where the implementation is not available. Not in
> D, not in any language. Declaring a declaration safe does not
> make it safe.
>
> 2. If un-annotated declarations cause a compile time error, it
> is highly likely the programmer will resort to "greenwashing" -
> just slapping @safe on it. I've greenwashed code. Atila has.
> Bruce Eckel has. We've all done it. Sometimes even for good
> reasons.
>
> 3. Un-annotated declarations are easily detectable in a code
> review.
>
> [...]
If we were designing a new language from scratch, I would agree
100% with your reasoning.
The problem is that there are un-annotated declarations in
existing code that have already been reviewed, committed, and
published under the assumption of @system-by-default. Those
declarations need to be flagged for re-review in order to avoid
introducing silent safety violations to existing D projects.
To address this issue, I'm working on a PR to have dmd emit a
diagnostic message when it encounters an un-annotated external
function declaration. Feel free to drop by and comment:
https://github.com/dlang/dmd/pull/11176
More information about the Digitalmars-d-announce
mailing list