Transition to @safe by default
Nick Treleaven
nick at geany.org
Tue Jul 30 19:20:00 UTC 2024
On Monday, 29 July 2024 at 16:40:52 UTC, Walter Bright wrote:
> Function safety is actually in 4 states:
>
> 1. unattributed
> 2. @safe
> 3. @trusted
> 4. @system
>
> So I propose "safe by default" to mean, for unattributed
> functions:
>
> 1. do all safety checks *except* checking for calling
> unattributed functions.
And error if an unattributed function does a non-call unsafe
operation?
> 2. calling @system functions in unattributed functions will be
> flagged
As an error?
Then calling any unattributed function from an unattributed
function must also be memory-safe, right? So how would
unattributed be any more permissive than @safe?
More information about the dip.ideas
mailing list