@safe by default
Quirin Schroll
qs.il.paperinik at gmail.com
Mon Jun 3 11:08:36 UTC 2024
On Thursday, 30 May 2024 at 18:35:36 UTC, Atila Neves wrote:
> https://github.com/atilaneves/DIPs/blob/safe-by-default/safe-by-default.md
>
> Destroy!
Because of a lack of mangling, `extern(X)` where `X` isn’t `D`
shouldn’t ever be allowed to be annotated `@safe` unless it’s a
definition.
The right way:
```d
module a;
extern(C) int f(int) @trusted;
extern(C) int f(int) @safe; // compile error: `extern(C)`
// function cannot be verified `@safe`. Hint: If the implementation
// is written in D in another module, use `@trusted`.
```
```d
module b;
extern(C) int f(int x) @safe => x; // okay: implementation present
```
In this case, unfortunately, `@trusted` can mean two things:
* The implementation is `@system`, but the developer verified it
is fool-proof to use UB-free.
* The developer verified the implementation is annotated `@safe`.
In this case, a comment can be added to indicate this case.
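
The mangling point behind the message above, as an added example that is not part of the post or the DIP: with D linkage the safety attribute is encoded in the symbol name, so a mismatched declaration fails to link, while with C linkage the symbol is the bare name and nothing checks the annotation. The module and function names are hypothetical.

```d
// Added example; module and function names are hypothetical.
module mangledemo;

import std.algorithm.searching : canFind;
import std.stdio : writeln;

// D linkage: safety attributes are part of the mangled symbol, so a
// declaration that disagrees with the definition resolves to a different
// symbol and fails at link time.
int dSafe(int) @safe;
int dTrusted(int) @trusted;
int dSystem(int) @system;

// C linkage: the symbol is only the function name. The attribute on a
// bodiless declaration is a claim that neither compiler nor linker can check.
extern(C) int cSafe(int) @safe;       // the kind of declaration the post wants rejected
extern(C) int cTrusted(int) @trusted; // the kind of declaration the post wants instead

// Checked at compile time; nothing here needs the functions to be defined.
static assert(dSafe.mangleof.canFind("FNf"));    // Nf encodes @safe
static assert(dTrusted.mangleof.canFind("FNe")); // Ne encodes @trusted
static assert(!dSystem.mangleof.canFind("FN"));  // @system adds no attribute code
static assert(cSafe.mangleof == "cSafe");        // no attribute information at all
static assert(cTrusted.mangleof == "cTrusted");

void main()
{
    // Print the symbol names so the difference is visible.
    writeln("D linkage, @safe:    ", dSafe.mangleof);
    writeln("D linkage, @trusted: ", dTrusted.mangleof);
    writeln("D linkage, @system:  ", dSystem.mangleof);
    writeln("C linkage, @safe:    ", cSafe.mangleof);
    writeln("C linkage, @trusted: ", cTrusted.mangleof);
}
```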