@safe by default

[jmh530]

On Thursday, 30 May 2024 at 18:35:36 UTC, Atila Neves wrote:
> https://github.com/atilaneves/DIPs/blob/safe-by-default/safe-by-default.md
>
> Destroy!

I was glad to see some compromise on this. I'm still not 100% 
behind it, but it is less objectionable than before, IMO.

In terms of qualms, here is an example of a module that contains 
a mix of code, some of which is bringing in compiler intrinsics 
that don't have function bodies and part of it is additional 
functions:
https://github.com/libmir/mir-core/blob/master/source/mir/math/common.d
Under this DIP, this would no longer compile, which is fine it 
isn't hard to fix. My problem is with your recommendation 
elsewhere on the thread to add `@system:` at the top. Since the 
module mixes the intrinsics and functions together, that alone is 
not sufficient. The templates then would become @system instead 
of having their attributes inferred.

One way forward is to move everything without a body into a 
separate module with `@system:` at the top and publicly import 
that here. That's ok, although it separates the documentation. 
The other option is to go function by function to add the @system 
to each function.

I think some people have proposed solutions to this issue in the 
past when this comes up. I think it can't hurt to give some more 
thought to any improvements that can be brought to bear before 
this is adopted.

You're still potentially in for a lot of code breakage that could 
keep a lot of people on the old edition for a while. Hopefully 
the edition approach is able to make ease this transition, 
although it's hard to ignore the risk of bifurcation.