
Safe by default v2

Open skyline131313 opened this issue 2 years ago • 11 comments

skyline131313 avatar Jun 15 '22 14:06 skyline131313

Please add your name and contact info to the author field. You can remove Walter's.

mdparker avatar Jun 16 '22 00:06 mdparker

The DIP does not (explicitly) talk about function pointer and delegate types, especially when those types are used as a function parameter or function return type. With this DIP, which of the following two is the function declaration

void delegate() getCallback();

equivalent to?

void delegate() @safe getCallback() @safe;

or

void delegate() @system getCallback() @safe;

or some third option I could not think of?

With this DIP, which of the following two is the function declaration

void register(void delegate() callback);

equivalent to?

void register(void delegate() @safe callback) @safe;

or

void register(void delegate() @system callback) @safe;

or some third option I could not think of?

Bolpat avatar Jun 21 '22 07:06 Bolpat

I think a more pragmatic step would be to opt in to @safe per module - @safe module foo;. That is far more flexible than a preview switch and allows mixing use of safe modules with non safe modules in the same compiler invocation. There are lots of awkward issues with changing the default. By opting in per source file those are avoided.

ntrel avatar Aug 01 '22 11:08 ntrel

I need a name and contact info in the Author field, please. Walter's name goes second if you're reusing content from his original DIP.

mdparker avatar Aug 22 '22 03:08 mdparker

@ntrel, in which regard would @safe module foo; be different from module foo; @safe:?

Bolpat avatar Sep 01 '22 09:09 Bolpat

> @ntrel, in which regard would @safe module foo; be different from module foo; @safe:?

I'm pretty sure that @safe: won't make struct or class member-functions @safe.

ichordev avatar Sep 01 '22 10:09 ichordev

> I'm pretty sure that @safe: won't make struct or class member-functions @safe.

It does! Unlike @nogc nothrow pure, which don't propagate through scopes.

dkorpel avatar Sep 01 '22 10:09 dkorpel

@Bolpat @safe: turns off inference of safety for templates, inferred return type functions and function literals. @safe module foo; would just change the default safety but not override inference.

ntrel avatar Sep 01 '22 12:09 ntrel
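The behaviour of the `@safe:` label discussed in the comments above, as an added example that is not part of the original thread or the DIP: it checks at compile time that the label reaches aggregate member functions and that it makes templates explicitly `@safe` instead of leaving their safety to inference. The module name and all function and struct names are hypothetical; `isSafe` is the trait from `std.traits`.

```d
module safe_label_demo; // hypothetical module name

import std.traits : isSafe;

// Declared before the label, explicitly @system.
void unsafeOp() @system {}

// Template declared before the label: safety is inferred per instantiation.
void inferred(alias f)() { f(); }

// Non-template member function before the label: not inferred, default @system.
struct Before { void method() {} }

@safe: // everything below is explicitly @safe unless overridden

void safeOp() {}

// Template declared after the label: explicitly @safe, so no inference.
void labelled(alias f)() { f(); }

// The label propagates into aggregate bodies.
struct After { void method() {} }

// Inference adapts to the template argument.
static assert( isSafe!(inferred!safeOp));
static assert(!isSafe!(inferred!unsafeOp));

// Under the label, the same template body is rejected for a @system
// argument instead of being inferred @system.
static assert( __traits(compiles, labelled!safeOp));
static assert(!__traits(compiles, labelled!unsafeOp));

// Member functions: @system by default, @safe under the label.
static assert(!isSafe!(Before.method));
static assert( isSafe!(After.method));

void main() {}
```

Compiling the file is the whole check: a failing `static assert` stops the build and names the assumption that did not hold.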

@ntrel, I used templates and attributes a lot, but never stumbled on this; wow. Probably because I consider attribute: harmful for anything except public and private.

Bolpat avatar Sep 05 '22 15:09 Bolpat

@skyline131313 I've emailed you recently about moving this into review. Please get back to me when you're ready to move forward.

mdparker avatar Oct 27 '22 13:10 mdparker

This will need to show benefit over inference of safety (which it currently does not).

rikkimax avatar Oct 28 '22 04:10 rikkimax