safer by default ergonomics w/ system variables: only warn by default…

… on explicitly system var, also make trusted var and system var w/ system initializer respect the user wish and not set the inferred flag
opendlang · Sep 20, 2024 · 6a53dd1 · 6a53dd1
1 parent 0cf7ef5
commit 6a53dd1
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 9 deletions.
diff --git a/compiler/src/dmd/expressionsem.d b/compiler/src/dmd/expressionsem.d
@@ -1471,12 +1471,18 @@ Lagain:
         {
             if (sd.isSystem())
             {
+                bool inferred = false;
+                VarDeclaration v = sd.isVarDeclaration();
+
+                if (v && v.systemInferred)
+                        inferred = true;
+
                 if (sc.setUnsafe(false, loc,
-                    "cannot access `@system` variable `%s` in @safe code", sd))
+                    "cannot access `@system` variable `%s` in `@safe` code", sd, null, null, !inferred))
                 {
-                    if (auto v = sd.isVarDeclaration())
+                    if (v)
                     {
-                        if (v.systemInferred)
+                        if (inferred)
                             errorSupplemental(v.loc, "`%s` is inferred to be `@system` from its initializer here", v.toChars());
                         else
                             errorSupplemental(v.loc, "`%s` is declared here", v.toChars());
@@ -2084,7 +2090,7 @@ private bool checkSafety(FuncDeclaration f, ref Loc loc, Scope* sc)
                     sc.varDecl.toChars(), f.toChars());
                 return true;
             }
-            else
+            else if(!(sc.varDecl.storage_class & (STC.system | STC.trusted)))
             {
                 sc.varDecl.storage_class |= STC.system;
                 sc.varDecl.systemInferred = true;

diff --git a/compiler/src/dmd/func.d b/compiler/src/dmd/func.d
@@ -1639,7 +1639,7 @@ version (IN_LLVM)
     extern (D) final bool setUnsafe(
         bool gag = false, Loc loc = Loc.init, const(char)* fmt = null,
         RootObject arg0 = null, RootObject arg1 = null, RootObject arg2 = null,
-        bool checkedByDefault = true)
+        bool checkedByDefault = true) @system
     {
         if (safetyInprocess)
         {
@@ -1670,7 +1670,34 @@ version (IN_LLVM)
         else if (checkedByDefault && !isSystem() && !isTrusted())
         {
             if (!gag && fmt)
+            {
+                char[128] refmt = 0;
+                auto it = strstr(fmt, "`@safe` code");
+                if(it !is null)
+                {
+                    auto before = fmt[0 .. it - fmt];
+                    auto after  = fmt[it - fmt + "`@safe` code".length .. strlen(fmt)];
+                    if(before.length + 1 > refmt.length)
+                        goto abandon;
+                    refmt[0 .. before.length] = before[];
+                    auto spot = before.length;
+                    enum replace = "non-`@system`/`@trusted` code";
+                    if(spot + replace.length + 1 > refmt.length)
+                        goto abandon;
+                    refmt[spot .. spot + replace.length] = replace[];
+                    spot += replace.length;
+                    if(spot + after.length + 1 > refmt.length)
+                        goto abandon;
+                    refmt[spot .. spot + after.length] = after[];
+                    spot += after.length;
+                    if(spot >= refmt.length)
+                        goto abandon;
+                    refmt[spot] = 0;
+                    fmt = refmt.ptr;
+                }
+                abandon:
                 .deprecation(loc, fmt, arg0 ? arg0.toChars() : "", arg1 ? arg1.toChars() : "", arg2 ? arg2.toChars() : "");
+            }
 
             return false;
         }
@@ -4670,8 +4697,11 @@ bool setUnsafe(Scope* sc,
             }
             else if (!(sc.varDecl.storage_class & STC.trusted))
             {
-                sc.varDecl.storage_class |= STC.system;
-                sc.varDecl.systemInferred = true;
+                if (!(sc.varDecl.storage_class & STC.system))
+                {
+                    sc.varDecl.storage_class |= STC.system;
+                    sc.varDecl.systemInferred = true;
+                }
             }
         }
         return false;

diff --git a/compiler/src/dmd/lexer.d b/compiler/src/dmd/lexer.d
@@ -1198,7 +1198,7 @@ class Lexer
         return t;
     }
 
-    private Identifier lexIdent(Token* t)
+    private Identifier lexIdent(Token* t) @system
     {
         while (1)
         {

diff --git a/compiler/src/dmd/safe.d b/compiler/src/dmd/safe.d
@@ -62,7 +62,7 @@ bool checkUnsafeAccess(Scope* sc, Expression e, bool readonly, bool printmsg)
         if (v.isSystem())
         {
             if (sc.setUnsafe(!printmsg, e.loc,
-                "cannot access `@system` field `%s.%s` in `@safe` code", ad, v))
+                "cannot access `@system` field `%s.%s` in `@safe` code", ad, v, null, !v.systemInferred))
                 return true;
         }