dip1000 and preview in combine to cause extra safety errors
Timon Gehr
timon.gehr at gmx.ch
Thu Jun 9 14:51:20 UTC 2022
On 09.06.22 08:53, Walter Bright wrote:
> The point of @safe by default for C declarations was:
>
> 1. so that we would not be deluged with complaints about breaking
> existing code
> ...
It really does not help much with that. In addition, it would slap
`@safe` on code that is not actually memory safe and was not intended to
be. That's also breakage.
> 2. so people would use it
>
> What people *will* do with C unsafe by default is:
>
> 1. slap `@trusted:` at the beginning and go on their merry way,
This is not what I will do, but they can of course just do that. It's
very visible in code review.
> and nothing was accomplished except annoying people
You are predicting that some people will explicitly do the wrong and
lazy thing, hence the compiler should do the wrong and lazy thing
implicitly by default. This just makes no sense. What's the big harm in
annoying lazy people slightly more? It's not like they won't complain
loudly about `@safe` by default in any case. May as well do it right or
not at all.