Why are you using D instead of Rust?
Paolo Invernizzi
paolo.invernizzi at gmail.com
Sat Oct 23 12:39:51 UTC 2021
On Saturday, 23 October 2021 at 12:11:53 UTC, ag0aep6g wrote:
> On 23.10.21 14:01, Paolo Invernizzi wrote:
>> On Saturday, 23 October 2021 at 11:36:58 UTC, ag0aep6g wrote:
> [...]
>>> That function can't be @trusted. "Any function that traverses
>>> a C string passed as an argument can only be @system."
>>>
>>> https://dlang.org/spec/function.html#safe-interfaces
>>
>> I think that should be: "Any function that traverses a C
>> string _not verified to be null terminated_ can only be
>> system".
>>
>> If that check is done in the D wrapper, the function can be
>> correctly trusted.
>
> You cannot verify that a `char*` is properly terminated. You
> have to change the parameter type. And when you do that, the
> caller is not passing a C string as an argument anymore.

You are right, of course.

It's the caller that needs to assure that the char* was really
pointing to a null terminated string, so the caller could be
trusted, and the crypt function should be kept system.
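
Added example, not part of the original message or of any D library code: a sketch of the "change the parameter type" approach from the quoted reply, with the C function left `@system` and a `@trusted` wrapper that takes D slices. The `extern (C)` prototype is assumed to be POSIX `crypt(3)`, the name `cryptSafe` is hypothetical, and the wrapper assumes no other thread calls `crypt` concurrently.

```d
import std.algorithm.searching : canFind;
import std.exception : enforce;
import std.string : fromStringz, toStringz;

// Assumed prototype of POSIX crypt(3). It stays @system: it reads both
// pointers until it finds a '\0', and nothing in the type guarantees one.
extern (C) @system char* crypt(const char* key, const char* salt);

// Hypothetical wrapper. The parameters are slices, so their length is known
// and the caller is no longer passing a C string. That is what makes a
// @trusted interface defensible here.
string cryptSafe(const(char)[] key, const(char)[] salt) @trusted
{
    // An embedded '\0' would silently truncate the input on the C side.
    enforce(!key.canFind('\0'), "key contains an embedded NUL");
    enforce(!salt.canFind('\0'), "salt contains an embedded NUL");

    // toStringz copies into a fresh buffer and appends the terminator,
    // so termination is established inside the wrapper, not assumed.
    const(char)* k = key.toStringz;
    const(char)* s = salt.toStringz;

    char* result = crypt(k, s);
    enforce(result !is null, "crypt() failed (invalid salt or unsupported method)");

    // crypt returns a pointer into a static buffer; copy it out so the
    // returned string does not alias memory the next call overwrites.
    // Assumption: no concurrent crypt() caller is rewriting that buffer.
    return fromStringz(result).idup;
}

void main() @safe
{
    import std.stdio : writeln;

    // Constructed sample input. @safe code can call the wrapper, but a
    // direct call to crypt() from here is rejected by the compiler.
    writeln(cryptSafe("secret", "ab"));
}
```

On glibc systems this needs to be linked against libcrypt (for example `-L-lcrypt` with dmd).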