Transition to @safe by default
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Tue Jul 30 19:19:10 UTC 2024
On 30/07/2024 5:11 PM, IchorDev wrote:
> On Monday, 29 July 2024 at 18:23:37 UTC, Richard (Rikki) Andrew
> Cattermole wrote:
>> https://gist.github.com/rikkimax/37cc5db5f381a9adc1dde6a9bbcad46d
>
> I’m really liking this idea, I think this is very close to something I’d
> be fine with. I do have one reservation though:
>
> Even people who want all of their code to be `@safe` (which includes
> myself) often need to use C libraries. Even if you check whole libraries
> to mark functions as `@trusted`, there are libraries like OpenGL which
> require using `__gshared` function pointers.
> Riki’s DIP appears to address this by (correct me if I’m wrong) making
> it so that these external C functions, when unmarked, can be called by
> unmarked D code. The issue is, unmarked code can be upgraded to `@safe`.
> I think this upgrade process should not happen if a function calls an
> unmarked function with no body. In fact, I suggest we make body-less
> functions `@system` by default.
Yes, I didn't state this but this is how I've always thought as it is
based upon what the compiler can prove.
More information about the dip.ideas
mailing list