Discussion Thread: DIP 1028--Make @safe the Default--Final Review
Steven Schveighoffer
schveiguy at gmail.com
Wed Mar 25 14:10:18 UTC 2020
In response to Walter's response to ag*, I would say that there is a
fatal problem with automatically allowing extern(C) function prototypes
(and really, anything that does not mangle @safe) to be default @safe.
The reason is simple -- the change is silent and automatically marks
everything @safe that has not been checked.
I would argue that if the compiler is going to make things @safe by
default, then things that are not marked and are not @safe should not
compile AT ALL COSTS. Otherwise the value of @safe is completely lost.
The DIP should be rejected IMO unless all functions with no mechanism to
mangle @safe into the name (e.g. extern(C), extern(C++), etc) that have
no implementation are either:
a) required to be marked, or
b) default @system.
Everything else in the DIP is possibly annoying to deal with but at
least doesn't silently destroy the meaning of @safe.
I will note that I support the notion of @safe by default. I would be in
favor of the DIP as long as this fatal flaw is not included.
-Steve
More information about the Digitalmars-d
mailing list