[OffTopic] A vulnerability postmortem on Network Security Services

Paul Backus snarwin at gmail.com
Thu Dec 2 17:11:09 UTC 2021

On Thursday, 2 December 2021 at 16:44:42 UTC, Tejas wrote:
> Wish the `@safe` by default DIP had passed :(
> Any hope of reviving it and merging into master??

Only if someone can (a) come up with a better solution for 
handling `extern(C)` functions, and (b) convince Walter to accept 

I think a more likely path forward is to allow the programmer to 
specify default attributes in such a way that they can still be 
overriden by inference. For example:

// Make @safe the default for the rest of this scope

// defaults to @safe
int foo(int n) { return n; }

// error: can't cast integer to pointer in a @safe function
int* bar(int n) { return cast(int*) n; }

// ok: inferred as @system (because of `auto`)
auto baz(int n) { return cast(int*) n; }

This is the same idea as [Adam D. Ruppe's attribute proposal][1], 
but with new syntax to avoid potential breakage to existing code.

As Adam explains in his article, we cannot do this by simply 
applying the `@safe` attribute globally, because doing so will 
*override* the compiler's attribute inference, and cause 
compilation of functions like `baz` to fail. (Example: 


More information about the Digitalmars-d mailing list