@safe by default

Atila Neves atila.neves at gmail.com
Mon Jun 3 15:55:00 UTC 2024


On Saturday, 1 June 2024 at 21:06:05 UTC, Timon Gehr wrote:
> On 5/30/24 20:35, Atila Neves wrote:
>> https://github.com/atilaneves/DIPs/blob/safe-by-default/safe-by-default.md
>> 
>> Destroy!
>
> - I think even more important than the default is the ability 
> to change the default (e.g. `default(@safe):`). This does not 
> exist currently, but it would be required for easy migration.

That's a good point, but: do we only do it for this attribute or 
for the others as well?

> - There is not really any value in being able to write `@safe 
> extern(C)/extern(C++)` prototypes. It's wrong and any linter 
> would need to have a warning for it. I would just require an 
> explicit `@system` or `@trusted` annotation. Note that for 
> `extern(C)/extern(C++)` prototypes, `@safe` and `@trusted` have 
> _the same semantics and interpretation_, but only one of them 
> looks adequately dangerous and is easy to grep.

I get this, but the issue is that those functions might actually 
be written in D.

> - The DIP should clarify whether annotations like `@safe:` 
> apply to prototypes or whether prototypes always need an 
> individual annotation.

Added.




More information about the dip.ideas mailing list