First Draft: Making printf @safe

IchorDev zxinsworld at gmail.com
Wed Jul 17 18:05:05 UTC 2024


On Wednesday, 17 July 2024 at 17:45:12 UTC, IchorDev wrote:
> Marking it as `@trusted` is fine

Oops, I didn't re-read the whole section on [safe interfaces](https://dlang.org/spec/function.html#safe-interfaces):

> C's `strlen` and `memcpy` do not have safe interfaces:
> ```d
> extern (C) @system size_t strlen(char* s);
> extern (C) @system void* memcpy(void* dst, void* src, size_t nbytes);
> ```
> because they iterate pointers based on unverified assumptions 
> (`strlen` assumes that `s` is zero-terminated; `memcpy` assumes 
> that the memory objects pointed to by `dst` and `src` are at 
> least `nbytes` big). Any function that traverses a C string 
> passed as an argument can only be `@system`. Any function that 
> trusts a separate parameter for array bounds can only be 
> `@system`.

So, `printf` must be `@system`. Even `%.*s` is `@system`!
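
The practical consequence of the spec text quoted above is that the `@system` stays on `printf` itself and the `@trusted` goes on a thin wrapper whose interface is safe. The following is an added example, not code from the post or from the D spec; `printSlice` is a hypothetical name, and it assumes `core.stdc.stdio.printf` as declared in druntime. The wrapper qualifies as a safe interface because it derives the `%.*s` length from the slice it receives, so no caller can hand `printf` a length that disagrees with the memory behind the pointer.

```d
// Added example (not from the original post or the D spec).
// printf remains @system; only a narrow wrapper with a safe interface is @trusted.
import core.stdc.stdio : printf;

/// Print a D slice with printf's "%.*s".
/// @trusted is justified because the length passed to printf is computed
/// here from `s`, not trusted from a separate caller-supplied parameter.
@trusted void printSlice(const(char)[] s)
{
    // An empty slice may carry a null .ptr; never hand that to printf.
    if (s.length == 0)
    {
        printf("\n");
        return;
    }
    // "%.*s" takes its precision as an int, so guard the narrowing cast.
    if (s.length > int.max)
        throw new Exception("slice too long for %.*s");
    printf("%.*s\n", cast(int) s.length, s.ptr);
}

@safe void main()
{
    printSlice("hello from @safe code"); // OK: callers never see a pointer or a length
    printSlice("");                      // OK: empty-slice edge case handled inside

    // Not allowed, and correctly so: printf has no safe interface.
    // printf("%.*s\n", 5, "hi".ptr);    // Error: @system function not callable from @safe
}
```

The thing to avoid is the shortcut of redeclaring `extern (C) @trusted int printf(...)`: that would let `@safe` code pass any pointer and any length, which is exactly the unverified assumption the spec says rules out a safe interface. Wrapping per call site keeps the trusted surface small and reviewable.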


More information about the dip.development mailing list