all OS functions should be "nothrow @trusted @nogc"

Steven Schveighoffer via Digitalmars-d digitalmars-d at puremagic.com
Tue Jul 25 17:35:13 PDT 2017


On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
> On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote:
>> The behavior is defined. It will crash with a segfault.
> 
> In C land that behaviour is a platform (hardware/OS/libc) specific 
> implementation detail (it's what you generally expect to happen, but 
> AFAIK it isn't defined in official ISO/IEC C).

In cases where C does not crash when dereferencing null, then D would 
not crash when dereferencing null. D depends on the hardware doing this 
(Walter has said so many times), so if C doesn't do it, then D won't. So 
those systems would have to be treated specially, and you'd have to work 
out your own home-grown mechanism for memory safety.

Optionally, one can redefine @safe *on those platforms* to say all 
dereferences will be checked against null, and then it could work on 
such platforms (and of course, you'd have to remove the @trusted marks 
from low-level C calls).

Either way, we can mark these as @trusted for all current D platforms.

-Steve
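
The platform assumption discussed in the message above (a null dereference is trapped by the hardware/OS rather than by a language-level check) can be verified on a POSIX target with a small probe. This is an added example, not part of the original post or of the D runtime; the function names are illustrative, and it assumes `fork` and `waitpid` are available.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of probing one access through a null pointer. */
enum probe_result { PROBE_ERROR = -1, PROBE_NO_TRAP = 0, PROBE_TRAPPED = 1 };

/* volatile forces the compiler to emit the access instead of
 * optimising around the undefined behaviour. */
static void read_null(void)  { volatile int *volatile p = NULL; int v = *p; (void)v; }
static void write_null(void) { volatile int *volatile p = NULL; *p = 1; }

/* Run `body` in a child process and report whether the OS killed it. */
static enum probe_result probe(void (*body)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        /* Drop any inherited handlers so the default action applies. */
        signal(SIGSEGV, SIG_DFL);
        signal(SIGBUS, SIG_DFL);
        body();
        _exit(0); /* reached only if the access did not trap */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_ERROR;
    if (WIFSIGNALED(status) &&
        (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS))
        return PROBE_TRAPPED;
    return PROBE_NO_TRAP;
}

enum probe_result null_read_traps(void)  { return probe(read_null); }
enum probe_result null_write_traps(void) { return probe(write_null); }

int main(void)
{
    printf("null read traps:  %d\n", null_read_traps());
    printf("null write traps: %d\n", null_write_traps());
    /* Non-zero exit: this platform needs explicit null checks. */
    return (null_read_traps() == PROBE_TRAPPED &&
            null_write_traps() == PROBE_TRAPPED) ? 0 : 1;
}
```

A `PROBE_NO_TRAP` result identifies a platform of the kind the message says would need checked dereferences instead.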

