@safe by default
Atila Neves
atila.neves at gmail.com
Fri May 31 16:32:37 UTC 2024
On Friday, 31 May 2024 at 11:42:13 UTC, Dukc wrote:
> Nick Treleaven wrote on 31.5.2024 at 12.18:
>> @safe should mean mechanically checked for accidental
>> memory-safety violations - that is a more useful definition.
>> Allowing non-extern(D) linkage prototypes to be @safe breaks
>> that principle and makes @safe prototypes a minefield.
>
> I agree in principle, but note this is orthogonal to the DIP. D
> allows declaring external C functions as `@safe` right now. The
> DIP should not make it any worse, and it also doesn't prevent a
> separate proposal that would say that external non-D linked
> functions must be either `@trusted` or `@system`.
This. I don't think we can stop programmers intent on lying to
the compiler. As mentioned, there's already `pragma(mangle)`, they
can write assembly, ...
I think that if there's a body written in D somewhere, it's
unlikely someone will manually write a declaration and use the
wrong attribute by mistake. And if there isn't, then they will
have had to deliberately pick an attribute.
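To make the point of the thread concrete, here is an added illustration (not code from the thread or from the DIP) of what the compiler can and cannot verify. The `extern(C)` prototype marked `@safe` compiles today because there is no D body to check; the `@system` prototype plus a small `@trusted` wrapper with a slice-based interface is the shape the quoted reply is asking for. The symbol name `strlen` is the real C function; the wrapper name `cLength` and the `c_len_unchecked` prototype are assumptions for the example.

```d
// Added example for this discussion, not code from the mailing list.
module safe_prototype_example;

// (1) Legal today, but nothing verifies it: an extern(C) prototype has no
//     D body, so `@safe` here is an unchecked claim. Hypothetical symbol.
extern(C) size_t c_len_unchecked(const(char)* s) @safe;

// (2) The honest declaration: raw pointer in, no bounds, so @system.
extern(C) size_t strlen(const(char)* s) @system;

/// The only unverified code is this short body, and its interface is
/// memory-safe: callers hand over a slice whose length the wrapper knows.
size_t cLength(const(char)[] s) @trusted
{
    import std.algorithm.searching : canFind;
    import std.exception : enforce;

    // strlen would read past the end of a buffer with no terminator,
    // so refuse such input before crossing into C.
    enforce(s.canFind('\0'), "input is not NUL-terminated");
    return strlen(s.ptr);
}

void main() @safe
{
    import std.stdio : writeln;

    // Constructed input: a NUL-terminated string literal.
    writeln(cLength("hello\0"));

    // Calling strlen(s.ptr) directly from this @safe function is rejected
    // by the compiler, which is exactly the check a @safe prototype skips.
}
```

The difference to audit is where the trust lives: with (1) it is spread over every caller that relies on the prototype being truthful; with (2) it is confined to one wrapper whose precondition is stated and checked.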