Discussion Thread: DIP 1028--Make @safe the Default--Final Review
Jesse Phillips
Jesse.K.Phillips+D at gmail.com
Thu Mar 26 03:43:28 UTC 2020
On Wednesday, 25 March 2020 at 14:10:18 UTC, Steven Schveighoffer
wrote:
>
> The DIP should be rejected IMO unless all functions with no
> mechanism to mangle @safe into the name (e.g. extern(C),
> extern(C++), etc) that have no implementation are either:
>
> a) required to be marked, or
> b) default @system.
>
I realize my depreciation suggestion has some complication in
static analysis, but I really think it is required to smooth the
transition.
* methods using unsafe language features must have a @system
annotation; @trusted might be an option.
* a method must be annotated if it calls an @system method
The first gives first chance to determine if your api is safe.
The second creates the next layer of opportunity to make a safe
interface. If you mark it system then the second rule continues
to have you evaluate for a safe interface.
This encourages safe interfaces early. While not doing this
encourages safe interfaces at the top.
More information about the Digitalmars-d
mailing list