Luca's meaningless thoughts  

Annotations, properties and safety are coming to D

by Leandro Lucarella on 2009- 11- 14 02:34 (updated on 2009- 11- 14 18:45)
tagged annotation, d, en, property, safe, trusted - with 0 comment(s)

Two days ago, the documentation of functions were updated with some interesting revelations...

After a lot of discussion about properties needing improvements [*], it seems like they are now officially implemented using the annotations, which seems to be official too now, after some more discussion [†].

Annotations will be used for another longly discussed feature, a safe [‡] subset of the language. At first it was thought as some kind of separate language, activated through a flag -safe (which is already in the DMD compiler but has no effect AFAIK), but after the discussion it seems that it will be part of the main language, being able to mark parts of the code as safe or trusted (unmarked functions are unsafe).

Please take a look at the discussions for the details but here are some examples:

Annotations

They are prefixed with @ and are similar to attributes (not class attributes; static, final, private, etc. see the specs for details).

For example:

@ann1 {
    // things with annotation ann1
}

@ann2 something; // one thing with annotation ann2

@ann3:
    // From now on, everything has the ann3 annotation

For now, only the compiler can define annotations, but maybe in the future the user can do it too and access to them using some reflection. Time will tell, as usual, Walter is completely silent about this.

Properties

Properties are now marked with the @property annotation (maybe a shorter annotation would be better? Like @prop). Here is an example:

class Foo {
    @property int bar() { ... } // read-only
    @property { // read-write
        char baz() { ... }
        void baz(char x) { ...}
    }

Safe

Now functions can be marked with the annotations @safe or @trusted. Unmarked functions are unsafe. Safe functions can only use a subset of the language that it's safe by some definition (memory safe and no undefined behavior are probably the most accepted definition). Here is a list of things a safe function can't do:

  • No casting from a pointer type to any type other than void*.
  • No casting from any non-pointer type to a pointer type.
  • No modification of pointer values.
  • Cannot access unions that have pointers or references overlapping with other types.
  • Calling any unsafe functions.
  • No catching of exceptions that are not derived from class Exception.
  • No inline assembler.
  • No explicit casting of mutable objects to immutable.
  • No explicit casting of immutable objects to mutable.
  • No explicit casting of thread local objects to shared.
  • No explicit casting of shared objects to thread local.
  • No taking the address of a local variable or function parameter.
  • Cannot access __gshared variables.

There is some discussion about bound-checking being active in safe functions even when the -release compiler flag is used.

Trusted functions are not checked by the compiler, but trusted to be safe (should be manually verified by the writer of the function), and can use unsafe code and call unsafe functions.

[*]

Here are some links to the property discussions:

[†]

Discussion about annotations:

[‡]

Discussions about SafeD: