-preview=safer for D
Timon Gehr
timon.gehr at gmx.ch
Sat Dec 14 15:12:11 UTC 2024
On 12/14/24 09:46, Walter Bright wrote:
> Now that this has been merged into master, what are your reactions?

Here's what I tried. (`&x` is just a placeholder for any unsafe
operation, I am aware it would be fine for this to compile here, as it
would with DIP1000.)

```d
import std;

void foo()@system{}

void bar(){
    foo(); // ok
}

void baz(){
    int x;
    // auto y=&x; // error, good
}

void qux(){
    foo(); // ok
    int x;
    // auto y=&x; // error, good
}

auto bongo(){
    int x;
    auto y=&x; // ok, bad
}

void flarp()(){
    int x;
    auto y=&x; // ok, bad
}

void main(){
    writeln("hi"); // ok
}
```

So I don't know, it's mixed for me. I do like the idea of linting
functions with a not necessarily safe interface using the ordinary
safety checks by default.

OTOH it is not so great that inferring a return type or using a template
will disable the checks. I cannot even opt in: there is no explicit way
to say: neither `@safe` nor inferred `@system`. I either have to go
`@safe`, which may not be an option if the function interface is not
memory safe, and even if the function interface is memory safe, I will
have to opt into transitivity of `@safe` at that point, which is already
the existing tradeoff without `-preview=safer`.

I will probably use the flag, but I have projects where a lot of my code
or, more importantly, code in its dependencies, is templated and/or
infers return types. `-preview=safer` will just not do all that much there.