Simplification of @trusted
Paul Backus
snarwin at gmail.com
Thu Jun 17 21:00:13 UTC 2021
On Thursday, 17 June 2021 at 20:42:20 UTC, Ola Fosheim Grøstad
wrote:
> On Thursday, 17 June 2021 at 20:33:33 UTC, Paul Backus wrote:
>> Assuming [issue 20941][1] is fixed, yes.
>
> […]
>
>> Yes.
>
> Thanks.
>
> There seem to be many interpretations of what safe means
> though. Right now, safe interfacing with C seems like opening
> Pandora's box.
>
> Probably a good idea to write up a set of best practice rules
> for making safe interfacing with C libraries (with examples).
A lot of people on the D forums have an incomplete or incorrect
understanding of what memory safety means, and how D's @safe,
@trusted and @system attributes can be used to help prove a
program memory-safe. The interpretation that I and ag0aep6g have
been describing is the correct one.
Re: interfacing with C, the best guarantee you can reasonably
hope to achieve is "my @trusted code is memory safe as long as
the C functions I'm calling behave as specified in the relevant
documentation or standard." I go into more detail about this in
[my blog post on memory safety in D][1].
[1]: https://pbackus.github.io/blog/what-does-memory-safety-really-mean-in-d.html
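The guarantee described above ("my @trusted code is memory safe as long as the C function behaves as documented") is easiest to see with a concrete wrapper. The following is an added example for this archived thread, not code from the post or from the linked blog: two @trusted wrappers around C's memcmp, one whose interface lets @safe callers break it, and one whose safety argument rests only on what the C standard promises about memcmp. The names unsafeCompare and safeCompare are hypothetical.

```d
// Added example: @trusted wrappers around memcmp from core.stdc.string.
// The point: @trusted is a claim that the function is memory safe for
// *every* argument a @safe caller can pass, so the wrapper must check the
// C function's preconditions itself; it may only assume the C function
// does what its documentation says.
import core.stdc.string : memcmp;

// WRONG: @trusted with an unsafe interface. @safe code is allowed to form
// pointers (e.g. &buf[0]) and to pick any length, so a caller can make
// memcmp read past the end of a buffer. memcmp is behaving as documented;
// the bug is that this wrapper forwards preconditions it cannot verify.
@trusted int unsafeCompare(const(void)* a, const(void)* b, size_t n)
{
    return memcmp(a, b, n);
}

// RIGHT: the interface is in terms of slices, so every precondition in
// memcmp's contract can be checked before the call.
// Safety argument (assumes only the C standard's description of memcmp):
//  - memcmp reads exactly n bytes from each argument; n here never exceeds
//    either slice's length, so no out-of-bounds read is possible.
//  - the C standard requires pointer arguments to be valid even when n == 0,
//    so the empty-slice case (whose .ptr may be null) is handled without
//    calling memcmp at all.
@trusted int safeCompare(const(ubyte)[] a, const(ubyte)[] b)
{
    if (a.length != b.length)
        return a.length < b.length ? -1 : 1;
    if (a.length == 0)
        return 0;  // never hand a possibly-null .ptr to memcmp
    return memcmp(a.ptr, b.ptr, a.length);
}

@safe unittest
{
    ubyte[4] x = [1, 2, 3, 4];  // constructed sample data
    ubyte[4] y = [1, 2, 3, 5];
    assert(safeCompare(x[], x[]) == 0);
    assert(safeCompare(x[], y[]) < 0);
    assert(safeCompare(x[0 .. 2], y[]) < 0);  // length mismatch, no C call
    assert(safeCompare(null, null) == 0);     // empty slices, no C call
}

void main() @safe
{
    ubyte[4] buf = [1, 2, 3, 4];
    // The compiler accepts this call from @safe code because the callee is
    // marked @trusted, yet it reads far past buf. Uncomment to see that
    // @trusted, not @safe, is where the proof obligation lives.
    // int r = unsafeCompare(&buf[0], &buf[0], 1000);
    assert(safeCompare(buf[], buf[]) == 0);
}
```

Run with `dmd -unittest -run file.d` (assumed to be the usual invocation). The rule of thumb the example illustrates: the @trusted block should be the smallest piece of code whose correctness depends on the C contract, and its parameters should be types (slices, not raw pointer/length pairs) that let it verify every precondition the C documentation imposes.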