[phobos] Making std.stdio.readf @safe

Jakub Łabaj via phobos phobos at puremagic.com
Tue Feb 7 11:07:41 PST 2017


I see it like this:
- flockfile - can be @trusted, because no matter when we call it 
with a correct argument, it won't do anything unsafe
- funlockfile - if called by a non-owning thread, the behaviour is 
undefined - so it potentially may do something unsafe (I don't know 
what happens if it is called on a file that is not locked, probably 
it is ignored)
- fgetc - when not guarded by a lock it is not thread safe, shouldn't 
be @trusted

Is my reasoning correct? In that case, having only one of these 
functions @trusted doesn't solve the problem, which means I would 
need to make the methods of LockingTextReader @trusted.

On Tuesday, 7 February 2017 at 18:08:42 UTC, Jakub Łabaj wrote:
> What about fgetc_unlocked then? It may not be thread safe if 
> used without a lock; is it considered unsafe because of bad usage 
> or just unsafe? Sorry, I still have some problems with 
> identifying this.
>
> On Tuesday, 7 February 2017 at 18:01:38 UTC, Andrei Alexandrescu wrote:
>> Safe/trusted means "no unsafe operation", not "will cause 
>> issues if used incorrectly". -- Andrei
>>
>> On 2/7/17 12:59 PM, Jakub Łabaj via phobos wrote:
>>> On Tuesday, 7 February 2017 at 17:45:00 UTC, Andrei Alexandrescu wrote:
>>>> This may be hasty. https://linux.die.net/man/2/flock does not
>>>> perform any unsafe operation, even for invalid arguments. -- Andrei
>>>>
>>>> On 2/7/17 11:44 AM, Walter Bright via phobos wrote:
>>>>>
>>>>>
>>>>> On 2/7/2017 6:00 AM, Jakub Łabaj via phobos wrote:
>>>>>> Ok, so I have doubts whether these functions can be @trusted.
>>>>>> On the one hand they get just FILE* as an argument which (as I
>>>>>> see it) makes it safe interface.
>>>>>> On the other hand FGETC is unlocked version of fgetc and
>>>>>> requires explicit lock to be used safely; FLOCK and FUNLOCK
>>>>>> invocations should match, therefore there is also possibility
>>>>>> to use it incorrectly. Personally I would not mark them
>>>>>> @trusted then, is it correct?
>>>>>
>>>>> I'd say you're right.
>>>>> _______________________________________________
>>>>> phobos mailing list
>>>>> phobos at puremagic.com
>>>>> http://lists.puremagic.com/mailman/listinfo/phobos
>>>
>>> FLOCK is aliased (on Linux) to https://linux.die.net/man/3/flockfile .
>>> It may be safe on its own, but to avoid deadlock it must be
>>> followed by a call to unlock. Does it qualify to be @trusted in
>>> such a case?

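One way to encapsulate the lock/read/unlock pairing discussed in this thread, as an added example that is not Phobos code and was not posted by any participant. The names ScopedLockedReader and countLines are hypothetical, and the POSIX getc_unlocked from core.sys.posix.stdio stands in for the fgetc_unlocked mentioned above.

```d
// Added example: hypothetical wrapper, not std.stdio's LockingTextReader.
import core.stdc.stdio : FILE, EOF, stdin;
import core.sys.posix.stdio : flockfile, funlockfile, getc_unlocked;

struct ScopedLockedReader
{
    private FILE* fp;        // private: only this module can touch the handle

    @disable this();         // must be built from a FILE*
    @disable this(this);     // no copies, so one unlock per lock

    // The compiler cannot check that a raw FILE* is still open, so
    // construction stays @system: the caller vouches for the handle.
    this(FILE* f) @system
    {
        assert(f !is null);
        fp = f;
        flockfile(fp);       // lock taken here, by the constructing thread
    }

    // Trusted because it is paired with the constructor's flockfile on
    // the same handle; a default-initialized instance holds no lock.
    ~this() @trusted
    {
        if (fp) funlockfile(fp);
    }

    // Trusted because every live instance built by the constructor
    // holds the stream lock, which is what getc_unlocked requires.
    int next() @trusted
    {
        return getc_unlocked(fp);
    }
}

// Fully @safe consumer: it can reach neither the raw calls nor fp.
size_t countLines(ref ScopedLockedReader r) @safe
{
    size_t n;
    for (int c = r.next(); c != EOF; c = r.next())
        if (c == '\n') ++n;
    return n;
}

void main() @system
{
    import std.stdio : writeln;
    auto r = ScopedLockedReader(stdin);  // unlocks when r goes out of scope
    writeln(countLines(r));
}
```

The @trusted annotations sit on the methods whose invariants the struct enforces, while the three C functions themselves stay @system.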


