Discussion Thread: DIP 1035-- at system Variables--Community Review Round 2

Paul Backus snarwin at gmail.com
Tue Mar 2 14:57:04 UTC 2021


On Tuesday, 2 March 2021 at 14:28:43 UTC, Dukc wrote:
> On Tuesday, 2 March 2021 at 14:09:01 UTC, Paul Backus wrote:
>> Good point. For user-defined unsafe types like ShortString, 
>> the compiler will have to assume that any value that can be 
>> obtained in @safe code is a safe value.
>
> But what about determining `@safe`ty of value given by 
> `@system` initializer? Is it just not attempted for 
> user-defined types? Or is the rule "`.init` value is `@safe`, 
> everything else is `@system`"? Or something more complicated?

I think you may be confusing the safety of a *value* with the 
safety of a *variable*.

Consider the following example:

     @safe ShortString makeShortString(string source) { /* ... */ }

     auto s = makeShortString("hello");

The value of `makeShortString("hello")` is *assumed* to be a safe 
value, because `makeShortString` is a @safe function. Therefore, 
the variable `s` is *determined* to be a @safe variable, because 
its initializer is a safe value.

Regarding `.init`: because default initialization of any type is 
allowed in @safe code, the `.init` value of any user-defined type 
must be a safe value. This is true today, and it will still be 
true if DIP 1035 is accepted. The fact that the compiler 
currently does not enforce this is a bug. [1]

[1] https://issues.dlang.org/show_bug.cgi?id=21675


More information about the Digitalmars-d mailing list