all OS functions should be "nothrow @trusted @nogc"
Shachar Shemesh via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 25 07:32:18 PDT 2017
On 25/07/17 17:11, ag0aep6g wrote:
> On 07/25/2017 03:50 PM, Shachar Shemesh wrote:
>> The title really does says it all. I keep copying OS function
>> declarations into my code, just so I can add those attributes to them.
>> Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a
>> couple from my most recent history) from @safe code.
>
> Not all OS functions can be `@trusted`.
>
> I don't about `signalfd` and `sigemptyset`, but `read` [1] can't be
> `@trusted`, for example. It takes pointer and length separately, and the
> pointer is a `void*`. That's not safe at all.
And, indeed, the code calling "read" shouldn't be able to do that as
@safe. Read itself, however, is trusted (because, let's face it, if you
cannot trust the kernel, you're screwed anyways).
Having said that, I have no objection to excluding the "pointer+length"
system calls from the above rule. They are, by far, the minority of
system calls.
Shachar
More information about the Digitalmars-d
mailing list