Temporally safe by default

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Fri Apr 5 07:16:47 UTC 2024


On 05/04/2024 7:55 PM, Dom DiSc wrote:
> On Saturday, 30 March 2024 at 02:28:02 UTC, Richard (Rikki) Andrew 
> Cattermole wrote:
>> Introduce a new level to SafeD, ``@tsafe``, for temporarily safe.
> 
> I think every step in direction "@safe by default" is an improvement. 
> But what we need to avoid is generating another attribute that's 
> parallel to the existing @safe.
> 
> If what you suggest is in the same line (@system ⊇ @trusted ⊇ @tsafe ⊇ 
> @safe), so provides the same but not all of the guarantees @safe 
> provides, I'm all for it.
> But if @tsafe is independent from @safe like @life: forget it.

You have @tsafe the wrong way round to @safe.

It would be a stronger guarantee of temporal safety + more basic pointer 
safety.

@system ⊇ @trusted ⊇ @safe ⊇ @tsafe

The capability to have @safe without DIP1000, which is what we have now, 
would exist in the compiler, and keeping a way to specify it means we can 
interact with older code that is @safe.

I considered remapping @safe in newer editions to temporal and having a 
new attribute or ``@trusted @safe`` to map to the older one, but I am 
concerned it'll result in confusion when looking at code from different editions.
