all OS functions should be "nothrow @trusted @nogc"
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Thu Jul 27 08:08:51 PDT 2017
On Thursday, 27 July 2017 at 14:45:03 UTC, Steven Schveighoffer
wrote:
> On 7/27/17 10:20 AM, Moritz Maxeiner wrote:
>> On Thursday, 27 July 2017 at 13:56:00 UTC, Steven
>> Schveighoffer wrote:
>
>>> I'm fine with saying libraries or platforms that do not
>>> segfault when accessing zero page are incompatible with @safe
>>> code.
>>
>> So we can't have @safe in shared libraries on Linux? Because
>> there's no way for the shared lib author to know what programs
>> using it are going to do.
>
> You can't guarantee @safe on such processes or systems. It has
> to be assumed by the compiler that your provided code doesn't
> happen.
>
> It's not that we can't have @safe because of what someone might
> do, it's that @safe guarantees can only work if you don't do
> such things.
Which essentially means that any library written in @safe D
exposing a C API needs to write in big fat red letters "Don't do
this or you break our safety guarantees".
> It is nice to be aware of these possibilities, since they could
> be an effective attack on D @safe code.
Well, yeah, that's the consequence of @safe correctness depending
on UB always resulting in a crash.
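The thread leaves the shared library author without a way to know whether the hosting process has mapped the zero page. One thing such a library can do, on Linux, is check that assumption at load time before relying on it. The following is an added example, not code from the thread or from any D project: it parses /proc/self/maps and reports whether any mapping starts at address 0, which is the condition under which a null dereference stops faulting. The function names and the sample maps lines in the test are my own.

```c
/* Added example (not from the thread): a load-time sanity check that a
 * library exposing a C API could run on Linux to verify the assumption
 * that dereferencing a null pointer faults, i.e. that no mapping covers
 * address 0. It parses /proc/self/maps lines of the form
 *   "00400000-00452000 r-xp 00000000 08:01 1234   /usr/bin/foo"
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if any line in maps_text (the contents of a /proc/<pid>/maps
 * file) describes a mapping whose start address is 0, else 0. A mapping
 * that covers address 0 must start at 0, so checking the start suffices. */
int maps_covers_address_zero(const char *maps_text)
{
    const char *line = maps_text;
    while (line && *line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        /* Each line starts with "start-end" in hex; parse the start. */
        char *dash = NULL;
        unsigned long long start = strtoull(line, &dash, 16);
        /* dash must stay inside this line and sit on the '-' separator */
        if (dash != line && dash < line + len && *dash == '-' && start == 0)
            return 1;
        line = end ? end + 1 : NULL;
    }
    return 0;
}

/* Read this process's own map and apply the check. Returns 1 if the zero
 * page is mapped, 0 if it is not, -1 if /proc/self/maps is unavailable. */
int zero_page_mapped_self(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    /* 64 KiB holds the map of a small process; the zero page, if mapped,
     * is the lowest address and therefore appears in the first lines. */
    static char buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return maps_covers_address_zero(buf);
}

int main(void)
{
    int r = zero_page_mapped_self();
    if (r < 0) {
        puts("cannot read /proc/self/maps");
        return 2;
    }
    puts(r ? "zero page is mapped: a null dereference may not fault"
           : "zero page not mapped: null dereference faults as assumed");
    return r;
}
```

A library would call zero_page_mapped_self() from its initialisation routine and refuse to proceed, or fall back to a non-@safe code path, when it returns 1. The same condition can also be checked system-wide through the vm.mmap_min_addr sysctl, which sets the lowest address an unprivileged process may map.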