ImportC and nothrow/@nogc?

Paolo Invernizzi paolo.invernizzi at gmail.com
Tue Aug 27 08:19:47 UTC 2024


On Tuesday, 27 August 2024 at 06:32:06 UTC, Manu wrote:
> On Tue, 27 Aug 2024 at 04:17, Timon Gehr via Digitalmars-d < 
> digitalmars-d at puremagic.com> wrote:
>
>> On 8/26/24 07:37, Walter Bright wrote:
>> > On 8/24/2024 10:15 AM, Manu wrote:
>> >> *sigh* ... I'm not going to do that.
>> >> ImportC either works, or it doesn't... and it currently 
>> >> doesn't work,
>> >> and I'm just going to move on.
>> >> By far the easiest and least ridiculous feeling thing can 
>> >> do right now
>> >> is to just prototype the occasional C library call inline 
>> >> immediately
>> >> before the call, which is what I've moved on with.
>> >> Fortunately my call volume is low.
>> >
>> > You're right, that will work.
>> >
>> > I tried to make C calls default to @trusted. Every single 
>> > person in the community who voiced an opinion on it was dead 
>> > set against it. But here you are, saying who cares what C 
>> > does.
>> >
>> > I've got a cannon on one side aimed at me, and a flak gun on 
>> > the other side.
>> >
>> > What do you suggest I do?
>> >
>>
>> Marking every C function `@trusted` would not solve his 
>> problem. What would solve his problem is if ImportC supported 
>> C extensions that let you mark groups of declarations using D 
>> attributes. Then you can put those in the C files that you 
>> import.
>>
>
> I could live with that... though I don't necessarily agree.
> I stand with Walter in principle on this; C prototypes should 
> just be @trusted.

Again, a big NO

> If you import and link a C library; you are 'trusting' it by 
> definition.

Again, a big NO

> You're making use of some middleware, and you're not in control
> of the code... it is as it is, and you decided to use it anyway.

@trusted relates to _memory safety_, nothing more, it's not about 
the distinction between crap codebases and excellent codebases.

You are in control of reading the documentation of the external C 
function
You are in control of understanding that some C function is NOT 
memory safe.
You are in control that you CAN'T call the function from @safe 
code without sanitising its input with some other @trusted D 
function.

You still mix memory safety with other completely different 
things.

> You either trust it (and link it into your software), or you 
> don't.

That's nonsense, again, see above

> Nobody gains anything from causing a hassle every time you want 
>  to call
> into a library that you've opted in to. The *whole point* is to 
> use the
> library; what possible advantage could there be to making that 
> a pain in the arse?

Best effort towards memory safety.
If you don't care and are searching for no hassles just don't use 
safe at all in your codebase

> Can we direct this thread back towards nothrow and @nogc? This 
> wasn't actually a conversation about @trusted...

It seems to me actually that there's still a lot of confusion 
about @safe / @trusted / @system from time to time, as your 
thread is showing.

So I think this digression is just prophylaxis against the 
@trusted virus

  :-P






More information about the Digitalmars-d mailing list