On Wed, Jan 02, 2013 at 05:52:54PM -0500, Jonathan M Davis wrote: > On Wednesday, January 02, 2013 23:21:55 Maxim Fomin wrote: > > Again, I argue that D is a system language and there are many > > possibilities to break @safity. Although fixing holes does make > > sense in general, it does not make sense fixing obvious issues so > > that plenty of code becomes uncompilable and @safity usage becomes > > very annoying. > > Then we're going to have to disagree, and I believe that Walter and > Andrei are completely with me on this one. If all of the constructs > that you use are @safe, then it should be _guaranteed_ that your > program is memory-safe. That's what @safe is for. Yes, it can be > gotten around if the programmer marks @system code as @trusted when > it's not really memory-safe, but that's the programmer's problem. > @safe is not doing it's job and is completely pointless if it has any > holes in it beyond programmers mislabeling functions as @trusted. [...]
All extern(C) functions must be @system by default. It makes no sense to allow a @safe extern(C) function, since there is no way for the compiler to verify anything at all. The best you can do is @trusted. T -- Two American lawyers went down to the beach for a swim. Seeing a canoe rental nearby, one asked the other, "Roe, or Wade?"