First Draft: Making printf @safe
Walter Bright
newshound2 at digitalmars.com
Wed Jul 17 15:37:45 UTC 2024
On 7/17/2024 3:31 AM, Nick Treleaven wrote:
>> This DIP applies to any function marked with pragma(printf) and @safe or
>> @trusted.
>
> So how does `printf` benefit from this then? It can't be marked `@trusted`.
> Would we add a `@trusted` overload taking a string format parameter and use
> non-C variadic arguments?
If pragma(printf) is there, the user is asserting that if the format string and
arguments are compatible, and the function is also marked @trusted or @safe,
then that particular call is @safe. If the function is marked @safe, and the
call checks determine that it is not safe, then that call is marked as not safe.
This is how functions like sprintf(), which cannot ever be safe, can still be
marked as @system, and still get printf format checking. And calls to fprintf
can be marked @safe.
Yes, it's a bit of special compiler magic, but it works. But it would be so
useful, and we already apply compiler magic via pragma(printf).
More information about the dip.development
mailing list