DIP 1028---Make @safe the Default---Community Review Round 1

Steven Schveighoffer schveiguy at gmail.com
Thu Jan 9 20:04:48 UTC 2020

On 1/9/20 2:59 PM, H. S. Teoh wrote:

> Yeah, I also consider this to be valuable.  Another way of doing the
> same thing is that @trusted *doesn't* allow unsafe operations by
> default, it just marks that function as needing to be manually verified,
> but within that function you have to explicitly mark out which parts are
> to be trusted:
> 	auto myfunc(Args args) @trusted {
> 		... // only @safe code allowed here
> 		@system {
> 			... // @system code allowed here
> 		}
> 		... // only @safe code allowed here
> 	}

Right, that's what I said 2 messages back ;)

> If we could design it again, probably you should have safe and system be what they are today, trusted would be safe, except where you put in unsafe blocks. This allows the code to pick which parts should be able to call system functions.


More information about the Digitalmars-d mailing list