@safe by default
Timon Gehr
timon.gehr at gmx.ch
Sat Jun 1 21:06:05 UTC 2024
On 5/30/24 20:35, Atila Neves wrote:
> https://github.com/atilaneves/DIPs/blob/safe-by-default/safe-by-default.md
>
> Destroy!
- I think even more important than the default is the ability to change
the default (e.g. `default(@safe):`). This does not exist currently, but
it would be required for easy migration.
- There is not really any value in being able to write `@safe
extern(C)/extern(C++)` prototypes. It's wrong and any linter would need
to have a warning for it. I would just require an explicit `@system` or
`@trusted` annotation. Note that for `extern(C)/extern(C++)` prototypes,
`@safe` and `@trusted` have _the same semantics and interpretation_, but
only one of them looks adequately dangerous and is easy to grep.
- The DIP should clarify whether annotations like `@safe:` apply to
prototypes or whether prototypes always need an individual annotation.
- N.B.: OpenD has been experimenting with changing the default safety
level behavior to be a distinct category from the other three. (It
enables checks on pointer arithmetic, but is not transitive and does not
include DIP1000 checks.) It does not guarantee memory safety but can
catch bugs.
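As an added illustration of the second point above (this is my example, not code from the post or the DIP; the C functions are hypothetical names that are never defined, since only the bodiless prototypes matter here), this D snippet shows that `@safe` and `@trusted` on an `extern(C)` prototype behave identically from the caller's side, while `@system` forces the audit point to be written down explicitly:

```d
// Added illustration (not from the DIP or the post): how the three safety
// attributes behave on bodiless extern(C) prototypes. The C functions are
// hypothetical; only their declarations matter here.

// No body to check, so @safe here is a promise the compiler cannot verify.
extern(C) @safe int c_square_safe(int x);

// Identical semantics to the line above, but "@trusted" is greppable and
// reads as the manual audit it actually is.
extern(C) @trusted int c_square_trusted(int x);

// @system forces callers to go through an explicit @trusted wrapper.
extern(C) @system int c_square_system(int x);

// Explicit wrapper: the audit point is now visible in D code and greppable.
@trusted int wrappedSquare(int x)
{
    return c_square_system(x);
}

@safe int useAll(int x)
{
    int a = c_square_safe(x);    // compiles: the annotation is taken on faith
    int b = c_square_trusted(x); // compiles: exactly the same as above
    int c = wrappedSquare(x);    // compiles: goes through the audited wrapper
    // int d = c_square_system(x); // error: @safe function cannot call @system function
    return a + b + c;
}
```

Grepping for `@trusted` finds both the prototype and the wrapper, which is the review surface a linter or auditor wants; the `@safe` prototype hides the same unverified promise behind the attribute that is supposed to mean "checked by the compiler".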
More information about the dip.ideas mailing list