Skip to content

Instantly share code, notes, and snippets.

@rikkimax

rikkimax/safer-by-default.md

Created July 29, 2024 18:23
Show Gist options
  • Save rikkimax/37cc5db5f381a9adc1dde6a9bbcad46d to your computer and use it in GitHub Desktop.
Save rikkimax/37cc5db5f381a9adc1dde6a9bbcad46d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
safer-by-default.md

Safer By Default

Field Value
DIP: (number/id -- assigned by DIP Manager)
Author: Richard (Rikki) Andrew Cattermole [email protected]
Implementation: (links to implementation PR if any)
Status: Draft

Abstract

This proposal makes D more easily @safe by changing the default safety level and introducing new diagnostic logging level.

Contents

Rationale

Memory safety is increasing becoming more important to the programming field. With a signicant adoption rate of the Rust language, and with it governmental organizations becoming less tolerant of failure for compile time verifiable things. Furthermore this provides a transition path towards safety without preventing those who do not wish to not.

Prior Work

This has many a NewsGroup post about it. Along with a DIP to change the default.

TODO: link something

Description

To increase the memory safety of D, @safe must be the default for all new code.

Language

This is a two pronged approach, the first is to introduce a new safety level, this has until now been the default.

AtAttribute:
+	@ unknownsafety

The attribute @unknownsafety may not be marked on a function with a body. But may be put on a function pointer.

If a function or a function pointer has not been marked with a safety attribute, it is inferred to be @unknownsafety.

An @unknownsafety function:

  • Must not call an @system function.
  • Can call other @unknownsafety functions.
  • Will be checked against the @safe checks.

If a @unknownsafety function passes all @safe checks, then it will be upgraded to @safe.

Compiler

In the compiler, the second approach takes place. A new command line switch is added, -ms. This memory safety switch, will allow setting the diagnostic log level and for which module(s) to apply it to for all memory safety check messages.

Example:

  • -msoff dmd.*
  • -mswarn std.*
  • -msinfo *

The default level is info.

All memory safety errors that currently work by @safe would be converted to this diagnostic level.

Breaking Changes and Deprecations

In current D2 edition, the default level will need to be off to prevent code breakage. Otherwise for newer editions it will be info.

Reference

Optional links to reference material such as existing discussions, research papers or any other supplementary materials.

Copyright & License

Copyright (c) 2024 by the D Language Foundation

Licensed under Creative Commons Zero 1.0

History

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment