On 25/07/17 17:11, ag0aep6g wrote:
On 07/25/2017 03:50 PM, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to them.
Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a
couple from my most recent history) from @safe code.
Not all OS functions can be `@trusted`.
I don't about `signalfd` and `sigemptyset`, but `read` [1] can't be
`@trusted`, for example. It takes pointer and length separately, and the
pointer is a `void*`. That's not safe at all.
And, indeed, the code calling "read" shouldn't be able to do that as
@safe. Read itself, however, is trusted (because, let's face it, if you
cannot trust the kernel, you're screwed anyways).
Having said that, I have no objection to excluding the "pointer+length"
system calls from the above rule. They are, by far, the minority of
system calls.
Shachar