A safer interface for core.stdc
Dicebot via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 9 01:39:36 PST 2015
On Saturday, 7 February 2015 at 23:50:55 UTC, Andrei Alexandrescu wrote:
> I was looking into ways to make core.stdc safer. That should be
> relatively easy to do by defining a few wrappers. For example:
>
> int setvbuf(FILE* stream, char* buf, int mode, size_t size);
>
> is unsafe because there's no relationship between buf and size.
> But this is fine:
>
> @trusted int setvbuf(T)(FILE* stream, T[] buf, int mode)
>     if (is(T == char) || is(T == byte) || is(T == ubyte))
> {
>     return setvbuf(stream, cast(char*) buf.ptr, mode, buf.length);
> }
>
> Another example is:
>
> int stat(in char*, stat_t*);
>
> which may start reading through random memory if the string is
> not zero-terminated. Again, the solution is here to ensure the
> string does have a terminating zero:
>
> @trusted int stat(in char[] name, stat_t* p)
> {
>     if (isZeroTerminated(name)) return stat(name.ptr, p);
>     auto t = cast(char*) malloc(name.length + 1);
>     scope(exit) free(t);
>     memcpy(t, name.ptr, name.length);
>     t[name.length] = 0;
>     return stat(t, p);
> }
>
> Such wrappers would allow safe code to use more C stdlib
> primitives. The question is whether these wrappers are worth
> adding to core.stdc.stdio.
>
>
> Thanks,
>
> Andrei
I think this is crucial if we want to keep actual Phobos sources
easily reviewable within your requirements. There is good
value in having `core.stdc` map C headers 1-to-1 though.
Would you consider a separate `core.safestdc` package tree where
such wrappers could be put on a per-need basis (duplicating the tree
structure of core.stdc modules internally)?
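As an added illustration of the wrapper idea discussed above (this is example code, not from the thread or from druntime), here is a `@trusted` `stat` wrapper that binds pointer and length through a slice and always hands C a zero-terminated copy. The name `safeStat`, the 256-byte stack buffer and the `EINVAL` choice for embedded zeros are assumptions of this example.

```d
// Added example: a @trusted wrapper around the C stat() that takes a D slice.
import core.stdc.errno : errno, EINVAL, ENOMEM;
import core.stdc.stdlib : malloc, free;
import core.stdc.string : memchr, memcpy;
import core.sys.posix.sys.stat : stat, stat_t;

/// Wraps stat(): the slice carries its own length, so no bare pointer crosses
/// the boundary, and the C side always receives a zero-terminated buffer.
/// Returns -1 with errno set on failure, like the C function it wraps.
@trusted int safeStat(const(char)[] name, stat_t* p)
{
    // An embedded zero would silently truncate the path C sees, so refuse it
    // rather than stat a different file than the caller asked for.
    if (name.length && memchr(name.ptr, 0, name.length) !is null)
    {
        errno = EINVAL;   // assumed error choice for this example
        return -1;
    }

    // Short paths use a fixed stack buffer; longer ones use a heap copy that
    // is freed before returning. Both leave room for the terminating zero.
    char[256] small = void;   // assumed size for this example
    char* buf = small.ptr;
    if (name.length >= small.length)
    {
        buf = cast(char*) malloc(name.length + 1);
        if (buf is null)
        {
            errno = ENOMEM;
            return -1;
        }
    }
    scope(exit) if (buf !is small.ptr) free(buf);

    if (name.length)
        memcpy(buf, name.ptr, name.length);
    buf[name.length] = 0;
    return stat(buf, p);
}

void main()
{
    stat_t st;
    // The current directory always exists, so this path exercises the stack
    // buffer and should return 0; the embedded-zero path must return -1.
    assert(safeStat(".", &st) == 0);
    assert(safeStat("a\0b", &st) == -1 && errno == EINVAL);
}
```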