@safe by default
Nick Treleaven
nick at geany.org
Fri May 31 19:19:39 UTC 2024
On Friday, 31 May 2024 at 16:32:37 UTC, Atila Neves wrote:
> This.
I agree my argument is not necessarily an impediment to this DIP,
but it is closely related.
> I don't think we can stop programmers intent on lying to the
> compiler. As mentioned there's already `pragma(mangle)`,
Which sticks out in a review, and is clearly intentional not
accidental (as I already said).
> they can write assembly, ...
Actually that supports my case, `@safe` annotated `asm` is
deprecated:
https://dlang.org/deprecate.html#unannotated%20asm%20blocks
You have to write `@trusted` instead, *because it's not
mechanically checked*.
> I think that if there's a body written in D somewhere, it's
> unlikely someone will manually write a declaration and use the
> wrong attribute by mistake. And if there isn't, then they will
> have had to deliberately have picked an attribute.
Not convinced it's unlikely - the implementation may be @safe
when the prototype is written, then the implementation is changed
to @system and the prototype is forgotten. No reason not to
require @trusted for prototypes.
More information about the dip.ideas
mailing list