D not considered memory safe
Timon Gehr
timon.gehr at gmx.ch
Mon Jul 22 19:00:20 UTC 2024
On 7/22/24 18:51, Walter Bright wrote:
> On 7/20/2024 9:10 AM, Timon Gehr wrote:
>> You are marking functions as `pragma(local_safe)` one by one while you
>> fix any errors that pop up. The code remains compilable for the entire
>> time. Then once the entire cycle has been fixed, you can replace
>> `pragma(local_safe)` by `@safe`.
>
> How is that different from marking with @trusted?
>
It will not make the function callable from properly `@safe` code yet,
it will just enable some checks. There could be another `pragma` (e.g.,
`pragma(local_safe, false)`) to silence the checks for some portion of
the function.
This way you can gradually enable checks without introducing safety lies
into the type system. Once all the checks pass, memory safety has been
established and you can mark the functions properly `@safe`.
Maybe `pragma(check_safe)` that checks the entire body, even function
calls, would be more useful on its own, but we could easily have both.
Anyway, the point is there should be a way to have the compiler help you
do this kind of safety scaffolding without you needing to lie to the
compiler.
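An added illustration of the "safety lie" being discussed, not code from either post: the same still-unsafe body once marked `@trusted` (accepted by `@safe` callers, body unchecked) and once marked `@safe` (rejected), which is the check the proposed `pragma(local_safe)` would run without granting `@safe` callability. The function names are made up for the example.

```d
// Added example (not from this thread). Compile with: dmd -c lie.d
// Add -version=ShowErrors to see the compiler reject the @safe variant.
module lie;

// Still-unsafe body, marked @trusted anyway. The compiler stops checking
// the body, and every @safe caller now accepts it as memory safe.
@trusted int readPastEnd(int[] a)
{
    int* p = a.ptr;        // not checked: @trusted bodies are unverified
    return p[a.length];    // one past the end; no bounds check, no error
}

@safe int caller()
{
    return readPastEnd([1, 2, 3]); // compiles: @safe code trusts the lie
}

// Same body marked @safe: the compiler rejects it. These are the errors
// the proposed pragma(local_safe) would surface while the function is
// still *not* callable from @safe code, so no lie enters the type system.
version (ShowErrors)
@safe int readPastEndChecked(int[] a)
{
    int* p = a.ptr;        // rejected: .ptr on a slice is @system
    return p[a.length];    // rejected: pointer indexing is not @safe
}

void main()
{
    caller(); // compiles and runs; the difference above is compile-time
}
```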