[phobos] Making std.stdio.readf @safe

Walter Bright via phobos phobos at puremagic.com
Tue Feb 7 03:41:44 PST 2017

I haven't examined that particular issue, but @trusted applies to things with a 
SAFE INTERFACE. Just sticking it on any old system function does not work. For 
example, declaring strlen() to be @trusted is a giant mistake, because it's 
interface is not safe.

On 2/5/2017 1:44 PM, Jakub Łabaj via phobos wrote:
> There is an idea to make stdio.readf @trusted/@safe (reported here:
> https://issues.dlang.org/show_bug.cgi?id=8471). What currently makes it unsafe
> is LockingTextReader using functions FLOCK, FUNLOCK, FGETC (aliased from extern
> functions, dependent on the OS) and using a cast from 'shared(_IO_FILE)*' to
> '_IO_FILE*'.
> I found out that stdio.write* functions are made @safe by declaring all methods
> of LockingTextWriter (similar to LockingTextReader) @trusted and using helper
> function:
> /**
>   * Property used by writeln/etc. so it can infer @safe since stdout is __gshared
> */
> private @property File trustedStdout() @trusted
> {
>     return stdout;
> }
> So the obvious solution is to copy the approach of stdio.write. The other one
> would be to mark underlying functions FLOCK/FUNLOCK/FGETC @trusted (which in the
> process would allow to get rid off @trusted from LockingTextWriter, except
> casting from shared), but I'm not sure if it's legit as there may be some quirks
> and they should not be @trusted at all.
> So my question are: are both solutions presented acceptable? If yes, which one
> is preferred? Or maybe there is a better one?
> _______________________________________________
> phobos mailing list
> phobos at puremagic.com
> http://lists.puremagic.com/mailman/listinfo/phobos

More information about the phobos mailing list