Safety, undefined behavior, @safe, @trusted

Walter Bright newshound1 at digitalmars.com
Sat Nov 7 10:22:09 PST 2009


Don wrote:
> In practice, the big disadvantage which D has is that it can make calls 
> to C libraries which are not necessarily memory safe -- and this is an 
> important feature of the language. Dealing with the external, 
> uncheckable libraries is always going to be a weak point. Both Java and 
> .net have mitigated this by rewriting a fair chunk of an OS in their 
> libraries. That's probably never going to happen for D.

Java has the JNI interface where one can execute arbitrary C code. 
Obviously, that isn't memory safe, either.

Some of the standard C library functions are safe, some of them aren't. 
We'll mark them appropriately in the std.c.* headers.

I expect there will be a lot of pressure for 3rd party D libraries to be 
marked as safe, so I think this problem will sort itself out over time.
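
As an added illustration (not part of the original post and not code from the D project), the sketch below shows how a C function that is not memory safe can be made reachable from `@safe` D code through a `@trusted` wrapper that performs the check the compiler cannot. It assumes a current D compiler, where the C headers live under `core.stdc.*` rather than the `std.c.*` location named in the post; `copyBytes` is a hypothetical helper name.

```d
// Added example: wrapping an unsafe C function for @safe callers.
import core.stdc.string : memcpy; // C prototype; not callable from @safe code

// @trusted means "the compiler cannot verify this, the author vouches for it".
// The bounds check is what justifies the annotation: every call that reaches
// memcpy has a length that fits both slices.
@trusted void copyBytes(ubyte[] dst, const(ubyte)[] src)
{
    if (src.length > dst.length)
        throw new Exception("destination too small");
    if (src.length != 0)
        memcpy(dst.ptr, src.ptr, src.length);
}

@safe void main()
{
    auto buf = new ubyte[4];
    const(ubyte)[] small = [1, 2, 3];

    // Allowed: @safe code may call @trusted code.
    copyBytes(buf, small);
    static immutable ubyte[4] expected = [1, 2, 3, 0];
    assert(buf == expected);

    // Not allowed: uncommenting the next line makes compilation fail,
    // because @safe code cannot call a @system function directly.
    // memcpy(buf.ptr, small.ptr, small.length);

    // An oversized source is rejected by the wrapper instead of
    // overrunning the destination buffer.
    const(ubyte)[] big = [1, 2, 3, 4, 5];
    bool rejected = false;
    try
    {
        copyBytes(buf, big);
    }
    catch (Exception e)
    {
        rejected = true;
    }
    assert(rejected);
    assert(buf == expected); // destination untouched by the rejected call
}
```

The audit surface for memory safety is then the body of each `@trusted` function, which is where a review of a third-party library's "safe" claim would concentrate.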


