Transition to @safe by default

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Mon Jul 29 17:39:22 UTC 2024


On 30/07/2024 4:40 AM, Walter Bright wrote:
> So I propose "safe by default" to mean, for unattributed functions:
> 
> 1. do all safety checks /except/ checking for calling unattributed
>    functions.
> 2. calling @system functions in unattributed functions will be flagged
> 3. calling unattributed functions will not affect attribute inference

After replacing unattributed with an ``@unknownsafety`` attribute, this reads 
like it is acting as ``@safe`` with no extra steps.

BUT I think I know why!

It is the same diagnostic level!

In ``ErrorSink``:

```d
void memorySafety(Module m, TRUST safetyLevel, const ref Loc loc,
    const(char)* format, ...);
```

It needs to be configurable.

``-msoff dmd.*``
``-mswarn dmd.*``
``-msinfo dmd.*``

By default it could be set to info or off.


Basically, if a function is marked as ``@system`` or ``@trusted`` you 
don't do the ``@safe`` analysis. Otherwise, for messages, you call this 
function and it determines what level to print them as.
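
A small model of the dispatch described in this message, as an added example that is not part of the original post and is not dmd code. The `Trust`, `Level`, `Rule` and `configured` names are hypothetical; treating the `-ms*` patterns as globs, letting the last matching switch win, defaulting to info, and keeping `@safe` findings as errors are all assumptions.

```d
import std.path : globMatch;
import std.stdio : writefln;

enum Trust { unattributed, system, trusted, safe } // stand-in for dmd's TRUST
enum Level { off, info, warn, error }              // error level is an assumption
struct Rule { string pattern; Level level; }       // one -msoff/-msinfo/-mswarn switch

// Level configured for a module: last matching switch wins, else the default.
Level configured(string mod, const Rule[] rules, Level dflt = Level.info)
{
    auto level = dflt;
    foreach (r; rules)
        if (globMatch(mod, r.pattern))
            level = r.level;
    return level;
}

// Returns the level a finding is reported at; Level.off means nothing is printed.
Level memorySafety(string mod, Trust fn, string msg, const Rule[] rules)
{
    Level level;
    final switch (fn)
    {
        case Trust.system, Trust.trusted:
            return Level.off;                      // no @safe analysis is run at all
        case Trust.safe:
            level = Level.error; break;            // assumption: @safe stays a hard error
        case Trust.unattributed:
            level = configured(mod, rules); break; // per-module, user-configurable
    }
    if (level != Level.off)
        writefln("%s: %s: %s", mod, level, msg);
    return level;
}

void main()
{
    // Constructed command line: -msoff dmd.* -mswarn dmd.backend.*
    const rules = [Rule("dmd.*", Level.off), Rule("dmd.backend.*", Level.warn)];
    enum msg = "pointer arithmetic not allowed in @safe code";

    assert(memorySafety("dmd.func", Trust.unattributed, msg, rules) == Level.off);
    assert(memorySafety("dmd.backend.cg", Trust.unattributed, msg, rules) == Level.warn);
    assert(memorySafety("app.main", Trust.unattributed, msg, rules) == Level.info);
    assert(memorySafety("dmd.func", Trust.safe, msg, rules) == Level.error);
    assert(memorySafety("dmd.func", Trust.system, msg, rules) == Level.off);
}
```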

