Transition to @safe by default
Walter Bright
newshound2 at digitalmars.com
Tue Aug 6 00:54:32 UTC 2024
On 7/30/2024 1:09 PM, Timon Gehr wrote:
> What is a characterization of those unattributed functions that are the root
> cause for any lack of memory safety in unattributed functions? Is it just
> `extern(C)` function prototypes? If so, that seems a bit weird.
Function prototypes can only be taken at face value. If they are unattributed,
they would be accepted as callable from @safe code. Or we could simply say that
prototypes would have to be explicitly attributed in order to be callable from
@safe code.
> - calling a single `@system` function in an unattributed one would disable other
> safety checks in that unattributed function as it would then infer `@system`.
Not necessarily. But it would still require the caller to mark the function
@trusted or @system.
> - there is still no way to enable safety checks in `@trusted` functions.
One can always switch it temporarily to @safe, fix any errors, then put it back.
But in general, trusted code should be a very small part of a program.
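An added D example, not code from this thread, illustrating the two points above: an unattributed (here, template) function that calls a @system function is inferred @system and so needs a @trusted or @system caller, and a @trusted function can be audited by temporarily flipping it to @safe. The function names are invented.

```d
// Added example: D @safe / @trusted / @system interplay as discussed in the thread.
import core.stdc.stdlib : calloc, free;
import std.traits : isSafe;

// @system primitive: raw C allocation, no safety checks of its own.
int* rawBuffer(size_t n) @system
{
    return cast(int*) calloc(n, int.sizeof);
}

// @trusted wrapper: the author vouches for its memory safety. To audit it,
// change @trusted to @safe and recompile: the compiler then reports the
// @system call and the raw-pointer indexing (pointer arithmetic) below,
// which are exactly the spots that need review. Then put @trusted back.
int sumFirst(size_t n) @trusted
{
    int* p = rawBuffer(n);
    scope(exit) free(p);           // free is @system too
    int total = 0;
    foreach (i; 0 .. n)
    {
        p[i] = cast(int) i;        // indexing a raw pointer: rejected under @safe
        total += p[i];
    }
    return total;
}

// Unattributed template: D infers its attributes from its body. Because it
// calls the @system rawBuffer, it is inferred @system, so a @safe function
// cannot call it; the caller has to be @trusted or @system.
int firstOf(T)(size_t n)
{
    int* p = rawBuffer(n);
    scope(exit) free(p);
    return p[0];
}

void main() @safe
{
    assert(sumFirst(4) == 6);             // @trusted is callable from @safe
    static assert(!isSafe!(firstOf!int)); // inferred @system, not callable here
}
```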