Rationale for accepting DIP 1028 as is
Paul Backus
snarwin at gmail.com
Tue May 26 20:32:13 UTC 2020
On Tuesday, 26 May 2020 at 17:50:58 UTC, Gregory wrote:
> Which will just lead people to pure @trusted: at the top of
> their code to get it to compile again, with or without
> extern(C) being @safe by default. Then someone that uses it as
> dependency will mistaken think it is @safe. What's to stop this
> kind of "greenwashing" and why is greenwashing only important
> to prevent when talking about extern(C) but every other code
> that will break from this change?
The reason extern function declarations are particularly
problematic is that changing them from @system-by-default to
@safe-by-default can cause *silent* breakage in existing, correct
code. By "silent", I mean that there is no message from the
compiler warning you that the memory safety of the code has been
compromised. It will still compile, and you will only find out
that something has gone wrong when you run into memory corruption
at run-time.
This undermines the entire purpose of @safe, which is to
automatically catch code with potential memory errors at compile
time.
More information about the Digitalmars-d-announce
mailing list