D not considered memory safe
Dukc
ajieskola at gmail.com
Wed Jul 17 05:48:40 UTC 2024
Walter Bright wrote on 15.7.2024 at 21.20:
> On 7/11/2024 3:18 AM, Timon Gehr wrote:
>> If even the main language designer advocates for randomly sprinkling
>> `@trusted` to shut up the compiler, there is no hope for memory safe D.
>
> The only way to do a conversion of a large program is to mark them all
> @trusted and then fix the functions one by one. The remaining @trusted
> annotations are the TODO list.
>
> If there's another practical way, I'm not aware of it.

1. Start by doing just what you did: mark something `@safe` that should
be `@safe` and see what error messages pop up.
2. When the compiler complains you're calling a `@system` function, stop
and think. If the function you're trying to call is supposed to have a
safe API, then fine, go and mark it as `@trusted` and add it to the todo
list. But if you are, for instance, calling anything that takes a C
string as an argument, please don't schlepp `@trusted` on that - that
would be marking an unsafe API @safe. Use the trusted lambda trick instead.
3. If you had to add trusted lambdas and it annoys you, remove them when
you're done and instead mark the whole function you were working on as
`@trusted`.
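
Steps 2 and 3 above as an added example, not part of the original post. `cLength`, `nameLength` and `nameLengthTrusted` are hypothetical names, and `strlen` stands in for any function that takes a C string.

```d
import core.stdc.string : strlen;
import std.string : toStringz;

// What step 2 warns against: strlen reads until it finds a 0 byte, so a
// pointer to unterminated memory makes it read out of bounds. Marking this
// wrapper @trusted would hand an unsafe API to every @safe caller:
//
//     size_t cLength(const(char)* s) @trusted { return strlen(s); }
//
// The wrapper keeps the C-string API @system instead.
size_t cLength(const(char)* s) @system
{
    return strlen(s);
}

// Step 2: the @safe caller creates the terminated copy itself and confines
// the unchecked call to a trusted lambda. The compiler still checks the
// rest of the function body.
size_t nameLength(string name) @safe
{
    auto z = name.toStringz; // NUL-terminated copy of the slice
    return (() @trusted => cLength(z))();
}

// Step 3: the same function with the lambda removed and the whole body
// marked @trusted. Its interface takes a length-carrying slice, so it is
// safe for any argument a @safe caller can pass.
size_t nameLengthTrusted(string name) @trusted
{
    return cLength(name.toStringz);
}

void main() @safe
{
    assert(nameLength("hello") == 5);
    assert(nameLengthTrusted("hello") == 5);
    // cLength("hello".ptr); // rejected: @safe code cannot call @system
}
```

Both variants are callable from `@safe` code; the pointer-taking `cLength` stays `@system`, which is the line step 2 draws.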