Is it possible to dynamically load a @safe function from a shared library ?

[wjoe]

On Friday, 13 March 2020 at 18:30:51 UTC, H. S. Teoh wrote:
> On Fri, Mar 13, 2020 at 06:11:01PM +0000, wjoe via 
> Digitalmars-d-learn wrote:
>> On Friday, 13 March 2020 at 17:05:32 UTC, Mike Parker wrote:
>> > On Friday, 13 March 2020 at 16:11:53 UTC, wjoe wrote:
>> > > On Friday, 13 March 2020 at 16:04:06 UTC, Mike Parker 
>> > > wrote:
> [...]
>> > > > bindSymbol(cast(void**)&apiVersion, "VersionOfAPI");
> [...]
>> This also means that LoadPlugin() can't be @safe - or at least 
>> the
>> call to bindSymbol.
> [...]
>
> Of course it cannot be @safe, because it depends on whether the 
> symbol defined in the library you loaded is actually @safe.  
> You cannot know that for sure (for example, maybe it exports a 
> symbol that happens to coincide with the mangling of a @safe 
> function, but isn't in fact @safe).  Similarly, at least on 
> Posix, shared libraries only export symbol names, the actual 
> type is not part of the shared library API other than what is 
> encoded in the mangled symbol.  So you don't know for sure that 
> you're actually casting to the correct type, for example; if 
> you make a mistake, you might get UB and memory corruption.
>
> So essentially, you're trusting that the symbol you just looked 
> up is actually pointing to what you think it's pointing to.  
> Therefore, it makes sense that such calls have to be @trusted.
>
>
> T

I wasn't aware that pragma(mangle, ..) can practically name any 
function anything. So from what I understand, because, at least 
on Posix, since there's only a symbol name there's nothing I can 
do in my loader to verify that a function is or does what it 
claim to be/do.

This is kind of disappointing but well worth the lessons learned.

Thanks for your reply.