On Friday, 13 March 2020 at 18:30:51 UTC, H. S. Teoh wrote:
On Fri, Mar 13, 2020 at 06:11:01PM +0000, wjoe via Digitalmars-d-learn wrote:
On Friday, 13 March 2020 at 17:05:32 UTC, Mike Parker wrote:
> On Friday, 13 March 2020 at 16:11:53 UTC, wjoe wrote:
> > On Friday, 13 March 2020 at 16:04:06 UTC, Mike Parker wrote:
[...]
> > > bindSymbol(cast(void**)&apiVersion, "VersionOfAPI");
[...]
This also means that LoadPlugin() can't be @safe - or at least the
call to bindSymbol.
[...]

Of course it cannot be @safe, because it depends on whether the symbol defined in the library you loaded is actually @safe. You cannot know that for sure (for example, maybe it exports a symbol that happens to coincide with the mangling of a @safe function, but isn't in fact @safe). Similarly, at least on Posix, shared libraries only export symbol names, the actual type is not part of the shared library API other than what is encoded in the mangled symbol. So you don't know for sure that you're actually casting to the correct type, for example; if you make a mistake, you might get UB and memory corruption.

So essentially, you're trusting that the symbol you just looked up is actually pointing to what you think it's pointing to. Therefore, it makes sense that such calls have to be @trusted.


T

I wasn't aware that pragma(mangle, ..) can practically name any function anything. So from what I understand, because, at least on Posix, since there's only a symbol name there's nothing I can do in my loader to verify that a function is or does what it claims to be/do.

This is kind of disappointing but well worth the lessons learned.

Thanks for your reply.
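
The point made in the thread, as an added example (not code from any poster): the unchecked cast of a `dlsym` result is confined to one small `@trusted` function, so `@safe` code can use the loaded symbol while the manual proof obligation stays in a single reviewable place. The names `LibC`, `StrlenFn`, `load` and `length` are hypothetical, and the example assumes a Posix system where libc's `strlen` is visible in the running process.

```d
import core.sys.posix.dlfcn : dlopen, dlsym, RTLD_NOW;
import std.exception : enforce;
import std.string : toStringz;

// The type we *believe* the symbol has. The shared object exports only a
// name, so nothing at load time can confirm this signature.
alias StrlenFn = extern(C) size_t function(const(char)*) nothrow @nogc;

struct LibC
{
    private void* handle;
    private StrlenFn strlen_;

    /// The only place where a raw address becomes a typed function pointer.
    /// @trusted here is a claim checked by a reviewer, not by the compiler:
    /// "the symbol named strlen really has the StrlenFn signature".
    static LibC load() @trusted
    {
        LibC lib;
        // null asks for the symbols already loaded into this process.
        lib.handle = dlopen(null, RTLD_NOW);
        enforce(lib.handle !is null, "dlopen failed");

        void* sym = dlsym(lib.handle, "strlen");
        enforce(sym !is null, "symbol 'strlen' not found");

        // Unchecked cast: a wrong alias above would compile just as well
        // and corrupt memory at call time.
        lib.strlen_ = cast(StrlenFn) sym;
        return lib;
    }

    /// Callable from @safe code. The wrapper upholds what the C function
    /// requires: a non-null pointer to NUL-terminated data (toStringz).
    size_t length(string s) @trusted
    {
        enforce(strlen_ !is null, "LibC was not loaded");
        return strlen_(s.toStringz);
    }
}

void main() @safe
{
    auto libc = LibC.load();
    assert(libc.length("plugin") == 6);
}
```

Changing `StrlenFn` to a different signature still compiles and still loads, which is why the compiler cannot infer `@safe` for `load`.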
