Why are you using D instead of Rust?

Paolo Invernizzi paolo.invernizzi at gmail.com
Sat Oct 23 12:39:51 UTC 2021

On Saturday, 23 October 2021 at 12:11:53 UTC, ag0aep6g wrote:
> On 23.10.21 14:01, Paolo Invernizzi wrote:
>> On Saturday, 23 October 2021 at 11:36:58 UTC, ag0aep6g wrote:
> [...]
>>> That function can't be @trusted. "Any function that traverses 
>>> a C string passed as an argument can only be @system."
>>> https://dlang.org/spec/function.html#safe-interfaces
>> I think that should be: "Any function that traverses a C 
>> string _not verified to be null terminated_ can only be 
>> system".
>> If that check is done in the D wrapper, the function can be 
>> correctly trusted.
> You cannot verify that a `char*` is properly terminated. You 
> have to change the parameter type. And when you do that, the 
> caller is not passing a C string as an argument anymore.

You are right, of course.

It's the caller that needs to assure that the char* was really 
pointing to a null terminated string, so the caller could be 
trusted, and the crypt function should be kept system.

More information about the Digitalmars-d mailing list