[OffTopic] A vulnerability postmortem on Network Security Services
Paul Backus
snarwin at gmail.com
Thu Dec 2 17:11:09 UTC 2021
On Thursday, 2 December 2021 at 16:44:42 UTC, Tejas wrote:
>
> Wish the `@safe` by default DIP had passed :(
> Any hope of reviving it and merging into master??
Only if someone can (a) come up with a better solution for
handling `extern(C)` functions, and (b) convince Walter to accept
it.
I think a more likely path forward is to allow the programmer to
specify default attributes in such a way that they can still be
overriden by inference. For example:
```d
// Make @safe the default for the rest of this scope
default(@safe):
// defaults to @safe
int foo(int n) { return n; }
// error: can't cast integer to pointer in a @safe function
int* bar(int n) { return cast(int*) n; }
// ok: inferred as @system (because of `auto`)
auto baz(int n) { return cast(int*) n; }
```
This is the same idea as [Adam D. Ruppe's attribute proposal][1],
but with new syntax to avoid potential breakage to existing code.
As Adam explains in his article, we cannot do this by simply
applying the `@safe` attribute globally, because doing so will
*override* the compiler's attribute inference, and cause
compilation of functions like `baz` to fail. (Example:
https://run.dlang.io/is/s9iuKq)
[1]:
https://dpldocs.info/this-week-in-d/Blog.Posted_2020_01_13.html
More information about the Digitalmars-d
mailing list