Transition to @safe by default

IchorDev zxinsworld at gmail.com
Tue Jul 30 05:11:04 UTC 2024


On Monday, 29 July 2024 at 18:23:37 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
> https://gist.github.com/rikkimax/37cc5db5f381a9adc1dde6a9bbcad46d

I’m really liking this idea, I think this is very close to 
something I’d be fine with. I do have one reservation though:

Even people who want all of their code to be `@safe` (which 
includes myself) often need to use C libraries. Even if you check 
whole libraries to mark functions as `@trusted`, there are 
libraries like OpenGL which require using `__gshared` function 
pointers.
Riki’s DIP appears to address this by (correct me if I’m wrong) 
making it so that these external C functions, when unmarked, can 
be called by unmarked D code. The issue is, unmarked code can be 
upgraded to `@safe`. I think this upgrade process should not 
happen if a function calls an unmarked function with no body. In 
fact, I suggest we make body-less functions `@system` by default.


More information about the dip.ideas mailing list