digitalmars.D.bugs - [Issue 13838] New: safe by default
- via Digitalmars-d-bugs, Dec 08 2014, https://issues.dlang.org/show_bug.cgi?id=13838
https://issues.dlang.org/show_bug.cgi?id=13838

Issue ID: 13838
Summary: safe by default
Product: D
Version: D2
Hardware: x86
OS: Windows
Status: NEW
Severity: enhancement
Priority: P1
Component: DMD
Assignee: nobody@puremagic.com
Reporter: bearophile_hugs@eml.cc

Languages like Rust show us how important memory safety is today, and the planned DIP69 works for @safe code; this means that now in D it becomes more important to use @safe functions in most cases. There are still some cases where you can't use @safe even if they should be safe. Some of them are shown here, but Phobos/druntime is getting better, and they will decrease:

    void main() @safe {
        import std.stdio, std.algorithm, std.bigint, std.typecons, std.array;

        [1, 2].sort!("a < b", SwapStrategy.stable);
        auto r = [1, 2].sort().release;
        writeln;
        BigInt a;
        a = a + a;
        alias Foo = Tuple!int;
        Foo[] data;
        data.remove!(x => x == Foo());
        int[] b;
        auto c = b.capacity;
        b.schwartzSort!(x => x);
        const r2 = cartesianProduct([1], [1]).array;
        [Typedef!int(1)].array;
    }

So perhaps it's a good idea to have @safe functions by default. This is how it could be done:

Step 1) Introduce a "-safe" compiler switch that gives a warning where a function unmarked with @system/@trusted calls a @system/@trusted function or performs memory-unsafe operations. This will help D developers improve Phobos.

Step 2) The functions defined above generate a warning if the -wi/-w switches are used (even if no -safe switch is used).

Step 3) The functions defined above generate a deprecation message (even if no -safe switch is used). The compiler -safe switch is still allowed, but it's not documented in the options help message of the compiler.

Step 4) The functions defined above give an error, and the -safe switch is removed from the compiler (it's not recognized any more).

See also Issue 12941
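The attribute mechanics the proposal builds on, as an added example that is not part of the bug report: a @system function doing raw pointer indexing, a @trusted wrapper that hides it behind a bounds-carrying slice interface (the pattern Phobos uses to make such functions callable from @safe code), and an unmarked function that today defaults to @system and is exactly what the proposed -safe switch would warn about. The function names are made up for illustration; it compiles with dmd.

```d
// Added illustration of @safe / @trusted / @system interaction (not from the
// bug report). Build with: dmd -c safety_demo.d

// @system: pointer indexing has no bounds check, so @safe code may not call it.
@system int sumUnchecked(const(int)* p, size_t n)
{
    int total = 0;
    foreach (i; 0 .. n)
        total += p[i];   // memory-unsafe: relies on the caller's n being right
    return total;
}

// @trusted: the author vouches for safety. The slice length is the bound, so the
// unsafe call is fully encapsulated and the function is callable from @safe code.
@trusted int sumSlice(const(int)[] xs)
{
    return sumUnchecked(xs.ptr, xs.length);
}

// Unmarked: defaults to @system today. Under the proposed -safe switch the
// compiler would warn here, because an unmarked function calls a @system one.
int sumDefault(const(int)[] xs)
{
    return sumUnchecked(xs.ptr, xs.length);
}

@safe void main()
{
    int[] data = [1, 2, 3, 4];
    assert(sumSlice(data) == 10);                 // OK: @trusted callable from @safe

    // Each of the following is rejected by the compiler inside @safe main:
    // sumUnchecked(data.ptr, data.length);   // error: @system function called from @safe
    // sumDefault(data);                      // error: implicitly @system, same as above
}
```

Uncommenting either rejected line shows the same diagnostic a -safe switch would turn into a warning for unmarked functions, which is the migration path Steps 1 to 4 describe.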