On Tuesday, 26 May 2020 at 20:32:13 UTC, Paul Backus wrote:
On Tuesday, 26 May 2020 at 17:50:58 UTC, Gregory wrote:
Which will just lead people to pure @trusted: at the top of
their code to get it to compile again, with or without
extern(C) being @safe by default. Then someone that uses it as
dependency will mistaken think it is @safe. What's to stop
this kind of "greenwashing" and why is greenwashing only
important to prevent when talking about extern(C) but every
other code that will break from this change?
The reason extern function declarations are particularly
problematic is that changing them from @system-by-default to
@safe-by-default can cause *silent* breakage in existing,
correct code. By "silent", I mean that there is no message from
the compiler warning you that the memory safety of the code has
been compromised. It will still compile, and you will only find
out that something has gone wrong when you run into memory
corruption at run-time.
This undermines the entire purpose of @safe, which is to
automatically catch code with potential memory errors at
compile time.
Exactly, that's what I think as well. What I'm trying to convey
is that there's a lot of greenwashing that is going to happen.
Code doesn't work, slapping @trusted everywhere til it works is
what people are going to do, it doesn't matter if extern(C) is
@safe or not. Greenwashing occurs no matter what. It's only
natural with such a big breaking changing with a feature that you
have to "trust".
Consider this:
Someone is writing code, it's @safe cause it is now the default
(yay!). They come across unannotated code while searching for an
answer. They copy paste it into their source, ops compile error!
Can't use X in @safe code. Ok, so they annotate it as @system. Oh
but now their @safe code can't call @system code. So what do they
do? Annotate it as @trusted without checking it.
If Walter believed greenwashing was actually a problem, then the
best solution to prevent it would be to not make @safe by
default. If it's not that serious of a problem that he will push
through @safe by default, then greenwashing isn't actually a
problem and extern(C) should remain @system.