Direction for @safe/-dip1000
Florian Weimer
fw at deneb.enyo.de
Sun Feb 13 12:37:17 UTC 2022
On Sunday, 13 February 2022 at 12:26:52 UTC, ag0aep6g wrote:
> On 13.02.22 12:15, Florian Weimer wrote:
>> I've tried to figure out where this is heading. Is the
>> eventual goal (irrespective of mechanism) that sticking
>> `@safe` onto the `main` function will ensure memory safety for
>> the whole program?
>
> Roughly, that's what @safe is supposed to be, yes. But it's not
> quite as simple because `main` isn't the only possible entry
> point, and because @trusted exists.

Right, but it's still a big step forward.

> Since you mentioned it in the topic, note that DIP 1000 doesn't
> make @safe safer. It allows some formerly @system code to
> become @safe. If you write that kind of code, DIP 1000 is nice
> to have. If you don't, DIP 1000 doesn't affect you.

Hmm. This compiles without `-dip1000` (or
`-ftransition=dip1000`), but is unsafe:

```d
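int[] global;

@safe
void f0(int[] val) {
    // The slice is stored in a module-level variable.
    global = val;
}

@safe
void f1() {
    int[3] local = [1, 2, 3];
    // The stack array is implicitly sliced; `global` keeps pointing
    // at it after f1 returns.
    f0(local);
}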
```
It's rejected in DIP 1000 mode (both by DMD and GDC).
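
The following is an added example, not part of the original post: it shows the same escape next to two forms that stay `@safe` in DIP 1000 mode, either copying the data to the GC heap before storing it or taking the slice as a `scope` parameter that the callee may not retain. The function names `keep`, `total` and `caller` are hypothetical.

```d
// Added illustration, not code from the thread.
// Build in DIP 1000 mode (for example with -dip1000, as named in the post).

int[] global;

// Non-scope parameter: the callee is allowed to let `val` escape,
// so callers must only pass slices that can outlive the call.
@safe void keep(int[] val)
{
    global = val;
}

// `scope` parameter: in DIP 1000 mode the compiler checks that `val`
// does not outlive the call, so storing it in a global here is rejected.
@safe int total(scope const(int)[] val)
{
    int sum = 0;
    foreach (v; val)
        sum += v;
    return sum;
}

@safe void caller()
{
    int[3] local = [1, 2, 3];

    // keep(local);            // rejected in DIP 1000 mode: stack slice would escape
    keep(local[].dup);         // GC-allocated copy can safely outlive this frame
    assert(total(local[]) == 6); // lending the stack slice for one call is fine
}

@safe void main()
{
    caller();
    // `global` refers to the heap copy, not to caller's dead stack frame.
    assert(global == [1, 2, 3]);
}
```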