Direction for @safe/-dip1000
Paul Backus
snarwin at gmail.com
Mon Feb 14 17:03:11 UTC 2022
On Monday, 14 February 2022 at 15:50:31 UTC, H. S. Teoh wrote:
> On Mon, Feb 14, 2022 at 01:15:26PM +0000, Paul Backus via
> Digitalmars-d wrote:
>> On Monday, 14 February 2022 at 08:39:58 UTC, Walter Bright
>> wrote:
> [...]
>> > Yes, although @safe does not supply complete memory safety.
>> > The addition of @live fills in much of the rest.
>>
>> Huh? My understanding is that modulo compiler bugs and
>> incorrect use of @trusted, @safe code should be 100% memory
>> safe, even without @live.
>
> The problem with @safe as it is implemented today is that it's
> implemented as a blacklist rather than a whitelist.

I did say "should be" and "modulo compiler bugs" for a reason. :)
Even with a whitelist implementation, though, we'd still have
bugs where something was accidentally whitelisted that shouldn't
have been. Several of the recent fixes to -preview=dip1000 are
for exactly this type of bug, for example.