Temporally safe by default
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Fri Apr 5 07:16:47 UTC 2024
On 05/04/2024 7:55 PM, Dom DiSc wrote:
> On Saturday, 30 March 2024 at 02:28:02 UTC, Richard (Rikki) Andrew
> Cattermole wrote:
>> Introduce a new level to SafeD, ``@tsafe``, for temporally safe.
>
> I think every step in direction "@safe by default" is an improvement.
> But what we need to avoid is generating another attribute that's
> parallel to the existing @safe.
>
> If what you suggest is in the same line (@system ⊇ @trusted ⊇ @tsafe ⊇
> @safe), so provides the same but not all of the guarantees @safe
> provides, I'm all for it.
> But if @tsafe is independent from @safe like @life: forget it.
You have @tsafe the wrong way round to @safe.
It would be a stronger guarantee of temporal safety + more basic pointer
safety.
@system ⊇ @trusted ⊇ @safe ⊇ @tsafe
The capability to have @safe without DIP1000 (what we have now) would
still exist in the compiler, and keeping a way to specify it means we can
interact with older code that is @safe.
I considered remapping @safe in newer editions to temporal and having a
new attribute or ``@trusted @safe`` to map to the older one but I am
concerned it'll result in confusion when looking at different edition code.
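For readers unfamiliar with the temporal hole this thread is about, here is an added illustration (not code from the original message or from any DIP) of the difference between today's @safe and @safe under `-preview=dip1000`, which is the "more basic pointer safety" the proposed @tsafe would require. The proposed `@tsafe` attribute does not exist in any compiler, so it is not used; the function and variable names are made up for the example.

```d
// Constructed example: a stack slice escaping through a @safe callee.
// Compile with `dmd -c escape.d` (today's @safe, no DIP1000) versus
// `dmd -c -preview=dip1000 escape.d`.

module escape;

int[] stash; // module-level storage that outlives any stack frame

// Without -preview=dip1000 this is accepted in @safe: nothing tells the
// compiler that `s` is retained, so the caller cannot be warned.
void keep(int[] s) @safe
{
    stash = s;
}

// With `scope`, the callee promises not to let `s` escape; assigning it
// to `stash` would then be rejected under -preview=dip1000.
int sumOnly(scope int[] s) @safe
{
    int total;
    foreach (v; s) total += v;
    return total;
}

void caller() @safe
{
    int[3] local = [1, 2, 3];

    // Today's @safe: compiles, and `stash` now points at a dead stack frame
    // once caller() returns. This is the temporal-safety hole.
    // Under -preview=dip1000: error, a scope slice of `local` is being
    // passed to a non-scope parameter.
    keep(local[]);

    // Under -preview=dip1000 this is still allowed, because `scope` on the
    // parameter is a checked promise that the slice does not outlive the call.
    int s = sumOnly(local[]);
    assert(s == 6);
}

void main()
{
    caller();
    // Only reachable with the non-dip1000 build; `stash` is now dangling.
    assert(stash.length == 3);
}
```

The point of the example in the context of the thread: the @safe the language has today is the weaker guarantee (it admits `keep(local[])`), and the DIP1000-checked variant is the stronger one, which is why the lattice in the reply places the temporal level inside @safe rather than alongside it.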