@safe by default

Mathias Lang geod24 at gmail.com
Thu Jun 6 23:56:20 UTC 2024


On Thursday, 30 May 2024 at 18:35:36 UTC, Atila Neves wrote:
> https://github.com/atilaneves/DIPs/blob/safe-by-default/safe-by-default.md
>
> Destroy!

I think it should eventually happen, but we are not ready for it.
The real problem is that it is currently hard to compose with 
attributes. The problem is most evident with `@safe`, but happens 
with `nothrow`, `pure`, etc...
Until we solve this problem, `@safe`-by-default would just be 
trading one pain for another, and breaking the ecosystem in the 
process. We saw what happened with DIP1000...

Provided the issue with composition of attribute is fixed, I 
would make a suggestion to the DIP: Remove `@safe` entirely. 
Others have hinted at it, and it seems the solution is simple: 
Un-annotated definitions are `@safe`, definitions can be 
annotated to be `@system` or `@trusted`, and `extern` definitions 
MUST be annotated. It is also changing the perception - `@safe` 
is not an add-on anymore.


More information about the dip.ideas mailing list