Should trusted pragma(printf) be part of the type system?
Nick Treleaven
nick at geany.org
Wed Mar 25 12:54:42 UTC 2026
A C-style variadic `pragma(printf)` function can have a safe
interface:
https://dlang.org/changelog/pending.html#dmd.saferPrintf
However, a pragma is not part of the function type. Consequently
there are safety holes for:
- [Taking address of the
function](https://github.com/dlang/dmd/issues/22794)
- [Overriding a method](https://github.com/dlang/dmd/issues/22812)
This is because the pragma disappears but the @trusted part
remains, making the new symbol wrongly @trusted. Possibly there
are other safety holes. Is there a reliable simple way to fix
those without changing the design to track this in the type
system? It could be as simple as the compiler recognizing a new
`core.attribute`, so new language syntax would be needed. If so,
now would be a good time to change this before 2.113 is released.
A lesser issue is that `pragma(printf)` can check just the format
string syntax for `va_list` functions. Possibly people might
wrongly add @trusted there:
https://github.com/dlang/dmd/issues/22786
That could be made an error either way (although if the `va_list`
parameter isn't read, it can be safe, but not very useful). But
it illustrates that having a separate attribute might be clearer
e.g. for code reviews.
More information about the Digitalmars-d
mailing list