[Issue 13838] New: @safe by default
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Mon Dec 8 15:32:21 PST 2014
https://issues.dlang.org/show_bug.cgi?id=13838
Issue ID: 13838
Summary: @safe by default
Product: D
Version: D2
Hardware: x86
OS: Windows
Status: NEW
Severity: enhancement
Priority: P1
Component: DMD
Assignee: nobody at puremagic.com
Reporter: bearophile_hugs at eml.cc
Languages like Rust show us how important memory safety is today, and the
planned DIP69 works for @safe code; this means it now becomes more important
in D to use @safe functions in most cases.
There are still some cases where you can't use @safe even if they should be
safe; some of them are shown here, but Phobos/druntime is getting better, and
they will decrease:
void main() @safe {
    import std.stdio, std.algorithm, std.bigint, std.typecons, std.array;
    // Each of the statements below is rejected inside a @safe function at
    // the time of writing, even though the operation itself should be safe.
    [1, 2].sort!("a < b", SwapStrategy.stable);
    auto r = [1, 2].sort().release;
    writeln;
    BigInt a;
    a = a + a;
    alias Foo = Tuple!int;
    Foo[] data;
    data.remove!(x => x == Foo());
    int[] b;
    auto c = b.capacity;
    b.schwartzSort!(x => x);
    const r2 = cartesianProduct([1], [1]).array;
    [Typedef!int(1)].array;
}
So perhaps it's a good idea to have @safe functions by default. This is how it
could be done:
Step 1) Introduce a "-safe" compiler switch that gives a warning where a
function not marked @system/@trusted calls a @system/@trusted function or
performs memory-unsafe operations. This will help D developers improve Phobos.
Step 2) The functions defined above generate a warning if the -wi/-w switches
are used (even if no -safe switch is used).
Step 3) The functions defined above generate a deprecation message (even if no
-safe switch is used). The compiler -safe switch is still allowed, but it's not
documented in the options help message of the compiler.
Step 4) The functions defined above give an error, and the -safe switch is
removed from the compiler (it's not recognized any more).
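As an added illustration (not part of the bug report), the following D code shows the kind of function the proposed -safe switch would flag, and the usual fix: confine the memory-unsafe part to a small @trusted wrapper with an interface that cannot be misused, so the caller can stay @safe. The function names are made up for the example.

```d
// Added example, not from the bug report: what "@safe by default" would flag
// and how the affected code is typically repaired.
import core.stdc.stdlib : malloc, free;
import std.stdio : writeln;

// Explicitly @system: returns a raw pointer that carries no length.
int* allocInts(size_t n) @system {
    return cast(int*) malloc(n * int.sizeof);
}

// Not annotated, so today it is @system by default. Under the proposed
// -safe switch this is exactly the case that would warn: an unmarked
// function calling a @system function and doing pointer indexing.
int sumFirstTwoUnchecked() {
    int* p = allocInts(2);
    p[0] = 1;
    p[1] = 2;
    int s = p[0] + p[1];
    free(p);
    return s;
}

// The fix: keep the unsafe allocation/free inside a @trusted helper that
// only ever hands callers a bounds-checked slice, and frees it afterwards.
int withInts(size_t n, scope int delegate(int[]) @safe f) @trusted {
    int* p = allocInts(n);
    scope(exit) free(p);
    return f(p[0 .. n]);      // the slice carries its length
}

// The caller is now @safe: indexing the slice is bounds-checked, and no
// raw pointer ever escapes to it.
int sumFirstTwoSafe() @safe {
    return withInts(2, (int[] a) {
        a[0] = 1;
        a[1] = 2;
        return a[0] + a[1];
    });
}

void main() @safe {
    writeln(sumFirstTwoSafe());   // prints 3
}
```

Compiling this file with the current compiler accepts both functions; under Step 1 of the proposal only sumFirstTwoUnchecked would be reported, and marking it @system or replacing it with the @trusted/@safe pair silences the warning.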
See also Issue 12941