Question and proposal: Can D be used to compile and run untrusted plug-ins?

Moamen Abdelsattar moemen0101 at
Sat Dec 4 11:33:21 UTC 2021

I've recently known that D functions can be marked as `@safe`, 
which makes all unsafe operations unallowed inside the function, 
my question is: Can this feature be used to compile and run 
untrusted D code safely?
I mean: Let's say We have a program written in D or C, and we 
want to allow the user to extend the program by writing plug-ins 
and compiling them into dynamic libraries (like notepadd++ 
Now the plug-in can access all system calls and can do something 
malicious, but what if the plug-in is written in D and we have 
something like `-forceSafe` compiler flag (which is the proposal) 
that will force every function written by the user to be `@safe`. 
Now, the user can only import the application's API and use it to 
perform functions and can't access the system directly. Is that 

More information about the Digitalmars-d mailing list