Walter Bright:
This seems acceptable only if the compiler switch "-scope"
implies functions to
be @safe by default and @system on request, because currently
lot of D
programmers don't apply annotations like @safe to their D
code. Opt-in safety
doesn't work well (and in D we still have the problems caused
by null pointers and references).
Safety by default is outside of the sco[pe (!) of this
discussion. Also, you can merely put:
@safe:
at the beginning of a module and it is now all safe.
I agree that @system code should allow to circumvent the part of
the type system that enforces the scoping (this happens in Rust
too) (but perhaps this has to happen only on scopes that gets
inferred and not the ones specified explicitly).
Perhaps you can't leave the "@safe on default" issue out of the
DIP69. Currently most D code I see around is not tagged with
@safe. If people don't bother applying that annotation, all the
work you will do to implement DIP69 will be wasted or partially
wasted.
------------------
From your answer to H. S. Teoh:
Are there bug reports on this?
I and other people have opened several bug reports on @safe, some
of them are (but others are present, this is a subset):
https://issues.dlang.org/show_bug.cgi?id=13615
https://issues.dlang.org/show_bug.cgi?id=13681
https://issues.dlang.org/show_bug.cgi?id=12948
https://issues.dlang.org/show_bug.cgi?id=13607
https://issues.dlang.org/show_bug.cgi?id=12845
https://issues.dlang.org/show_bug.cgi?id=6646
https://issues.dlang.org/show_bug.cgi?id=11176
https://issues.dlang.org/show_bug.cgi?id=6333
https://issues.dlang.org/show_bug.cgi?id=13054
https://issues.dlang.org/show_bug.cgi?id=13506
https://issues.dlang.org/show_bug.cgi?id=13188
Some examples of the problems (but there are also opposite
problems, like in Issue 6646):
void main() @safe {
import std.stdio, std.algorithm, std.bigint, std.typecons,
std.array;
[1, 2].sort!("a < b", SwapStrategy.stable);
auto r = [1, 2].sort().release;
writeln;
BigInt a;
a = a + a;
alias Foo = Tuple!int;
Foo[] data;
data.remove!(x => x == Foo());
int[] b;
auto c = b.capacity;
b.schwartzSort!(x => x);
const r2 = cartesianProduct([1], [1]).array;
[Typedef!int(1)].array;
}
Output, dmd 2.067alpha:
test.d(3,11): Error: safe function 'D main' cannot call system
function 'std.algorithm.sort!("a < b", cast(SwapStrategy)2,
int[]).sort'
test.d(4,25): Error: safe function 'D main' cannot call system
function 'std.range.SortedRange!(int[], "a <
b").SortedRange.release'
test.d(5,5): Error: safe function 'D main' cannot call system
function 'std.stdio.writeln!().writeln'
test.d(7,9): Error: safe function 'D main' cannot call system
function 'std.bigint.BigInt.opBinary!("+", BigInt).opBinary'
test.d(10,9): Error: safe function 'D main' cannot call system
function 'test.main.remove!((x) => x == Foo(),
cast(SwapStrategy)2, Tuple!int[]).remove'
test.d(12,15): Error: safe function 'D main' cannot call system
function 'object.capacity!int.capacity'
test.d(13,6): Error: safe function 'D main' cannot call system
function 'test.main.schwartzSort!((x) => x, "a < b",
cast(SwapStrategy)0, int[]).schwartzSort'
test.d(14,42): Error: safe function 'D main' cannot call system
function 'std.array.array!(Result).array'
test.d(15,21): Error: safe function 'D main' cannot call system
function 'std.array.array!(Typedef!(int, 0, null)[]).array'
Bye,
bearophile
