Transition to @safe by default

Nick Treleaven nick at geany.org
Tue Jul 30 19:20:00 UTC 2024


On Monday, 29 July 2024 at 16:40:52 UTC, Walter Bright wrote:
> Function safety is actually in 4 states:
>
> 1. unattributed
> 2. @safe
> 3. @trusted
> 4. @system
>
> So I propose "safe by default" to mean, for unattributed 
> functions:
>
> 1. do all safety checks *except* checking for calling 
> unattributed functions.

And error if an unattributed function does a non-call unsafe 
operation?

> 2. calling @system functions in unattributed functions will be 
> flagged

As an error?

Then calling any unattributed function from an unattributed 
function must also be memory-safe, right? So how would 
unattributed be any more permissive than @safe?


More information about the dip.ideas mailing list