Discussion Thread: DIP 1028--Make @safe the Default--Final Review

Arafel er.krali at gmail.com
Sun Apr 5 10:17:16 UTC 2020


On 5/4/20 12:06, Arafel wrote:
> ```d
> extern(C) void foo(); /* assumed @safe, or more properly, @trusted- */
> extern(C) void bar() { } /* assumed @system, why not @trusted as well? */
> 
> void main() @safe {
>      foo(); // OK: Here we assume the user verified the function
>      bar(); // ERROR: Here we don't!!
> }
> ```
> 
> Don't you find this inconsistent and confusing? For sure I do.
> 
> A.

My bad, in this case bar() would be assumed @safe and verified as well,
and it would work. A better example would be:

```c
void foo(int **i) { /* assumed @trusted! */
     *i = (int *) 0xDEADBEEF; /* explicit cast: C does not implicitly convert an integer to a pointer */
}
```

```d
extern(C) void foo(int **i); /* unsafe, but assumed @safe, or more properly, @trusted- */
extern(C) void bar(int **i) { /* properly checked, why not assume the user did it? */
     *i = cast (int *) 0xDEADBEEF;
}

void main() @safe {
     int **i;
     foo(i); // OK: Here we assume the user verified the function
     bar(i); // ERROR: Here we don't!!
}
```

