Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 2 August 2017 at 16:32:44 UTC, Andrei Alexandrescu wrote: import std.algorithm; // I probably wouldn't even define this but use the body as is auto strnlen_safe(in char[] str) { return countUntil(cast(ubyte[]) str, '\0'); } Oh that cast it irks me so. -Steve return

Re: all OS functions should be "nothrow @trusted @nogc"

import std.algorithm; // I probably wouldn't even define this but use the body as is auto strnlen_safe(in char[] str) { return countUntil(cast(ubyte[]) str, '\0'); } Oh that cast it irks me so. -Steve return str.representation.countUntil('\0'); Andrei

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 1 August 2017 at 22:52:26 UTC, H. S. Teoh wrote: On Tue, Aug 01, 2017 at 06:46:17PM -0400, Steven Schveighoffer via Digitalmars-d wrote: On 8/1/17 6:17 PM, Moritz Maxeiner wrote: [...] > import std.algorithm; > // I probably wouldn't even define this but use the body as > is >

Re: all OS functions should be "nothrow @trusted @nogc"

On Tue, Aug 01, 2017 at 06:46:17PM -0400, Steven Schveighoffer via Digitalmars-d wrote: > On 8/1/17 6:17 PM, Moritz Maxeiner wrote: [...] > > import std.algorithm; > > // I probably wouldn't even define this but use the body as is > > auto strnlen_safe(in char[] str) > > { > > return

Re: all OS functions should be "nothrow @trusted @nogc"

On 8/1/17 6:17 PM, Moritz Maxeiner wrote: On Tuesday, 1 August 2017 at 21:59:46 UTC, Steven Schveighoffer wrote: On 8/1/17 5:54 PM, Moritz Maxeiner wrote: On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote: Am Tue, 1 Aug 2017 10:50:59 -0700 schrieb "H. S. Teoh via Digitalmars-d"

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 1 August 2017 at 21:59:46 UTC, Steven Schveighoffer wrote: On 8/1/17 5:54 PM, Moritz Maxeiner wrote: On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote: Am Tue, 1 Aug 2017 10:50:59 -0700 schrieb "H. S. Teoh via Digitalmars-d" : On Tue, Aug

Re: all OS functions should be "nothrow @trusted @nogc"

On 8/1/17 5:54 PM, Moritz Maxeiner wrote: On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote: Am Tue, 1 Aug 2017 10:50:59 -0700 schrieb "H. S. Teoh via Digitalmars-d" : On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote: > Direct OS

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote: Am Tue, 1 Aug 2017 10:50:59 -0700 schrieb "H. S. Teoh via Digitalmars-d" : On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote: > Direct OS function calls should probably all be

Re: all OS functions should be "nothrow @trusted @nogc"

On Tue, Aug 01, 2017 at 10:39:35PM +0200, Marco Leise via Digitalmars-d wrote: > Am Tue, 1 Aug 2017 10:50:59 -0700 > schrieb "H. S. Teoh via Digitalmars-d" > : > > > On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote: > > > Direct OS function calls

Re: all OS functions should be "nothrow @trusted @nogc"

Am Tue, 1 Aug 2017 10:50:59 -0700 schrieb "H. S. Teoh via Digitalmars-d" : > On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote: > > Direct OS function calls should probably all be treated as unsafe, > > except for rare cases where the behaviour is

Re: all OS functions should be "nothrow @trusted @nogc"

On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote: > Direct OS function calls should probably all be treated as unsafe, > except for rare cases where the behaviour is very well defined in > standards and in actual implementations to be safe. The way to get > safe functions for

Re: all OS functions should be "nothrow @trusted @nogc"

Direct OS function calls should probably all be treated as unsafe, except for rare cases where the behaviour is very well defined in standards and in actual implementations to be safe. The way to get safe functions for OS functionality is to write wrapper functions in D which prohibit unsafe

Re: all OS functions should be "nothrow @trusted @nogc"

On Monday, 31 July 2017 at 13:56:48 UTC, Shachar Shemesh wrote: One of the things that really bother me with the D community is the "100% or nothing" approach. In the worst case when a function becomes unsafe, only @safe attribute will be removed from it, which will be a breaking change, but

Re: all OS functions should be "nothrow @trusted @nogc"

On Monday, 31 July 2017 at 14:51:22 UTC, Timon Gehr wrote: On 31.07.2017 16:15, Shachar Shemesh wrote: That's fine, but since, according to the logic presented here, no OS function can ever be @safe, This is actually not true. Vladimir was just pointing out a complication of which to be

Re: all OS functions should be "nothrow @trusted @nogc"

On 31.07.2017 16:15, Shachar Shemesh wrote: Why do you think @trusted exists? That's fine, but since, according to the logic presented here, no OS function can ever be @safe, This is actually not true. Vladimir was just pointing out a complication of which to be aware. Are you arguing

Re: all OS functions should be "nothrow @trusted @nogc"

On 31/07/17 17:08, Timon Gehr wrote: On 31.07.2017 15:56, Shachar Shemesh wrote: One of the things that really bother me with the D community is the "100% or nothing" approach. ... Personally, I'm more bothered by this kind of lazy argument that sounds good but has no substance. System

Re: all OS functions should be "nothrow @trusted @nogc"

On 31.07.2017 15:56, Shachar Shemesh wrote: One of the things that really bother me with the D community is the "100% or nothing" approach. ... Personally, I'm more bothered by this kind of lazy argument that sounds good but has no substance. System programming is, by definition, an

Re: all OS functions should be "nothrow @trusted @nogc"

On 31/07/17 16:33, Vladimir Panteleev wrote: On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote: On 7/26/2017 6:29 AM, Kagamin wrote: Should we still try to mark them safe at all? Marking ones that are safe with @safe is fine. OS APIs pretty much never change. Sometimes

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote: On 7/26/2017 6:29 AM, Kagamin wrote: Should we still try to mark them safe at all? Marking ones that are safe with @safe is fine. OS APIs pretty much never change. Sometimes operating systems add new flags to their API which

Re: all OS functions should be "nothrow @trusted @nogc"

There's a less questionable problem with it. Hint: FILE struct is transparent, look inside it, lots of interesting stuff there.

Re: all OS functions should be "nothrow @trusted @nogc"

On Friday, 28 July 2017 at 12:40:06 UTC, Kagamin wrote: On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote: On 7/26/2017 6:29 AM, Kagamin wrote: Should we still try to mark them safe at all? Marking ones that are safe with @safe is fine. OS APIs pretty much never change. New

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote: On 7/26/2017 6:29 AM, Kagamin wrote: Should we still try to mark them safe at all? Marking ones that are safe with @safe is fine. OS APIs pretty much never change. New technologies and new features get introduced over time:

Re: all OS functions should be "nothrow @trusted @nogc"

On 2017-07-27 13:46, Steven Schveighoffer wrote: So the result is that it will segfault. I don't see a problem with this. It's what I would have expected. The problem is that behavior might change depending on which compiler is used because the code is not valid according to the

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 10:54 PM, Walter Bright wrote: On 7/25/2017 8:26 AM, Andrei Alexandrescu wrote: A suite of safe wrappers on OS primitives might be useful. The idea of fixing the operating system interface(s) has come up now and then. I've tried to discourage that on the following grounds: *

Re: all OS functions should be "nothrow @trusted @nogc"

On Thursday, 27 July 2017 at 14:45:03 UTC, Steven Schveighoffer wrote: On 7/27/17 10:20 AM, Moritz Maxeiner wrote: On Thursday, 27 July 2017 at 13:56:00 UTC, Steven Schveighoffer wrote: I'm fine with saying libraries or platforms that do not segfault when accessing zero page are incompatible

Re: all OS functions should be "nothrow @trusted @nogc"

On Thursday, 27 July 2017 at 11:46:24 UTC, Steven Schveighoffer wrote: On 7/27/17 2:48 AM, Jacob Carlborg wrote: And then the compiler runs the "Dead Code Elimination" pass and we're left with: void contains_null_check(int* p) { *p = 4; } So the result is that it will segfault. I don't

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/27/17 10:20 AM, Moritz Maxeiner wrote: On Thursday, 27 July 2017 at 13:56:00 UTC, Steven Schveighoffer wrote: On 7/27/17 9:24 AM, Moritz Maxeiner wrote: On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: I think we can correctly assume no fclose implementations exist

Re: all OS functions should be "nothrow @trusted @nogc"

On Thursday, 27 July 2017 at 13:56:00 UTC, Steven Schveighoffer wrote: On 7/27/17 9:24 AM, Moritz Maxeiner wrote: On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: I think we can correctly assume no fclose implementations exist that do anything but access data pointed at

Re: all OS functions should be "nothrow @trusted @nogc"

On Thursday, 27 July 2017 at 13:45:21 UTC, ag0aep6g wrote: On 07/27/2017 03:24 PM, Moritz Maxeiner wrote: --- null.d --- version (linux): import core.stdc.stdio : FILE; import core.sys.linux.sys.mman; extern (C) @safe int fgetc(FILE* stream); void mmapNull() { void* mmapNull =

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/27/17 9:24 AM, Moritz Maxeiner wrote: On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: I think we can correctly assume no fclose implementations exist that do anything but access data pointed at by stream. Which means a segfault on every platform we support. On

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/27/2017 03:24 PM, Moritz Maxeiner wrote: --- null.d --- version (linux): import core.stdc.stdio : FILE; import core.sys.linux.sys.mman; extern (C) @safe int fgetc(FILE* stream); void mmapNull() { void* mmapNull = mmap(null, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: On 7/25/17 8:45 PM, Timon Gehr wrote: On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/27/2017 07:27 AM, Timon Gehr wrote: On 27.07.2017 02:11, Steven Schveighoffer wrote: On 7/26/17 7:56 PM, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/27/17 7:27 AM, Timon Gehr wrote: On 27.07.2017 02:11, Steven Schveighoffer wrote: On 7/26/17 7:56 PM, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/27/17 2:48 AM, Jacob Carlborg wrote: And then the compiler runs the "Dead Code Elimination" pass and we're left with: void contains_null_check(int* p) { *p = 4; } So the result is that it will segfault. I don't see a problem with this. It's what I would have expected. -Steve

Re: all OS functions should be "nothrow @trusted @nogc"

On 27.07.2017 02:11, Steven Schveighoffer wrote: On 7/26/17 7:56 PM, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when stream is NULL (as in Timon's example).

Re: all OS functions should be "nothrow @trusted @nogc"

On 2017-07-27 03:14, Steven Schveighoffer wrote: I can't see how compilers can take advantage of this one. However, we can take advantage that this UB is almost universally implemented as a hardware segfault that ends the process. Unfortunately it's not that easy with optimizing compilers

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 8:09 PM, Timon Gehr wrote: On 27.07.2017 01:56, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when stream is NULL (as in Timon's example). My

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 7:56 PM, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when stream is NULL (as in Timon's example). Either they check for null, and handle gracefully,

Re: all OS functions should be "nothrow @trusted @nogc"

On 27.07.2017 01:56, Andrei Alexandrescu wrote: On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when stream is NULL (as in Timon's example). My argument was not that we need to fear

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/26/2017 06:16 PM, Steven Schveighoffer wrote: So I guess I should restate that we can assume no implementations exist that intentionally cause UB when stream is NULL (as in Timon's example). Either they check for null, and handle gracefully, or don't check and segfault. No need to

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 12:08 PM, Patrick Schluter wrote: On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: On 7/25/17 8:45 PM, Timon Gehr wrote: On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC,

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/2017 6:29 AM, Kagamin wrote: Should we still try to mark them safe at all? Marking ones that are safe with @safe is fine. OS APIs pretty much never change.

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/2017 3:14 AM, Timon Gehr wrote: On 26.07.2017 05:02, Walter Bright wrote: The implementation checks for fp being NULL and returns EOF if it is. The C mindset is that this check is a waste of precious processing resources and morally wrong, as only a fool would pass NULL anyway, and

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 03:16:44 UTC, Walter Bright wrote: On 7/25/2017 6:09 PM, Steven Schveighoffer wrote: Likewise, because D depends on hardware flagging of dereferencing null as a segfault, any platforms that *don't* have that for C also won't have it for D. And then @safe doesn't

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote: On 7/25/17 8:45 PM, Timon Gehr wrote: On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 02:54:34 UTC, Walter Bright wrote: * Operating system APIs grow like weeds. We'd set ourselves an impossible task. It is worthwhile, however, to augment the APIs with the appropriate attributes like @nogc, scope, nothrow, @safe (for the ones that are), etc.

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 18:36:35 UTC, Moritz Maxeiner wrote: fgetc cannot be @trusted the same way fclose cannot be @trusted. If you pass either of them `null` - which constitutes a legal @safe context - the behaviour is undefined, which contradicts @trusted definition: exhibit any

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 7:55 AM, Timon Gehr wrote: On 26.07.2017 13:22, Steven Schveighoffer wrote: On 7/26/17 6:01 AM, Timon Gehr wrote: On 26.07.2017 03:09, Steven Schveighoffer wrote: ... In other words, I think we can assume for any C functions that are passed pointers that dereference those

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 13:22, Steven Schveighoffer wrote: On 7/26/17 6:01 AM, Timon Gehr wrote: On 26.07.2017 03:09, Steven Schveighoffer wrote: ... In other words, I think we can assume for any C functions that are passed pointers that dereference those pointers, passing null is safely going to

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 6:01 AM, Timon Gehr wrote: On 26.07.2017 03:09, Steven Schveighoffer wrote: On 7/25/17 8:45 PM, Timon Gehr wrote: ... What Moritz is saying is that the following implementation of fclose is correct according to the C standard: int fclose(FILE *stream){ if(stream == NULL){

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/26/17 3:05 AM, Shachar Shemesh wrote: On 25/07/17 18:26, Andrei Alexandrescu wrote: (btw void[] doesn't work) Can you expand on this point? Shachar Because anything casts to void[] implicitly. e.g.: void main() @safe { int *[] arr = new int*[5]; read(0, arr); // reading raw

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 05:02, Walter Bright wrote: On 7/25/2017 5:56 PM, Andrei Alexandrescu wrote: I'd think that would be the case, but failed to find a fgetc implementation that mentions it's undefined for a null FILE*. Is there a link? Thx. -- Andrei The documentation for DMC++ fgetc() is:

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 02:56, Andrei Alexandrescu wrote: What Moritz is saying is that the following implementation of fclose is correct according to the C standard: int fclose(FILE *stream){ if(stream == NULL){ return go_wild_and_corrupt_all_the_memory(); }else{ return

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 03:09, Steven Schveighoffer wrote: On 7/25/17 8:45 PM, Timon Gehr wrote: ... What Moritz is saying is that the following implementation of fclose is correct according to the C standard: int fclose(FILE *stream){ if(stream == NULL){ return

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 06:44:51 UTC, Shachar Shemesh wrote: On 25/07/17 18:29, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote: On 25/07/17 17:24, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title

Re: all OS functions should be "nothrow @trusted @nogc"

On Wednesday, 26 July 2017 at 00:35:13 UTC, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is defined. It will crash with a segfault. In C land that behaviour is a platform

Re: all OS functions should be "nothrow @trusted @nogc"

On 25/07/17 18:26, Andrei Alexandrescu wrote: (btw void[] doesn't work) Can you expand on this point? Shachar

Re: all OS functions should be "nothrow @trusted @nogc"

On 25/07/17 18:29, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote: On 25/07/17 17:24, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. Since you explicitly state *all* OS

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/2017 6:09 PM, Steven Schveighoffer wrote: Likewise, because D depends on hardware flagging of dereferencing null as a segfault, any platforms that *don't* have that for C also won't have it for D. And then @safe doesn't even work in D code either. I spent 10 years programming on DOS

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/2017 5:56 PM, Andrei Alexandrescu wrote: I'd think that would be the case, but failed to find a fgetc implementation that mentions it's undefined for a null FILE*. Is there a link? Thx. -- Andrei The documentation for DMC++ fgetc() is: https://digitalmars.com/rtl/stdio.html#fgetc

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/2017 8:26 AM, Andrei Alexandrescu wrote: A suite of safe wrappers on OS primitives might be useful. The idea of fixing the operating system interface(s) has come up now and then. I've tried to discourage that on the following grounds: * We are not in the operating system business.

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 8:45 PM, Timon Gehr wrote: On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is defined. It will crash with a segfault. In C land that behaviour is a

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 08:45 PM, Timon Gehr wrote: On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is defined. It will crash with a segfault. In C land that behaviour is a

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 02:45, Timon Gehr would have liked to have written: ... What Moritz is saying is that the following implementation of fclose is correct according to the C standard: int fclose(FILE *stream){ if(stream == NULL){ return go_wild_and_corrupt_all_the_memory();

Re: all OS functions should be "nothrow @trusted @nogc"

On 26.07.2017 02:35, Steven Schveighoffer wrote: On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is defined. It will crash with a segfault. In C land that behaviour is a platform (hardware/OS/libc) specific

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 5:23 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: The behavior is defined. It will crash with a segfault. In C land that behaviour is a platform (hardware/OS/libc) specific implementation detail (it's what you generally expect to

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote: On 7/25/17 2:36 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer wrote: On 7/25/17 12:14 PM, Kagamin wrote: While we're at it, check this:

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 2:36 PM, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer wrote: On 7/25/17 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 Looks fine to me. That's not an

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer wrote: On 7/25/17 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 Looks fine to me. That's not an array of FILE, it's a single pointer. fgetc

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 02:20 PM, Steven Schveighoffer wrote: On 7/25/17 2:14 PM, Andrei Alexandrescu wrote: On 07/25/2017 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 That might be a mistake. Is fclose(f); getc(f);

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 2:14 PM, Andrei Alexandrescu wrote: On 07/25/2017 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 That might be a mistake. Is fclose(f); getc(f); defined? -- Andrei fclose is not @safe. The charter

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 That might be a mistake. Is fclose(f); getc(f); defined? -- Andrei

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 11:50 AM, Steven Schveighoffer wrote: On 7/25/17 11:26 AM, Andrei Alexandrescu wrote: About http://man7.org/linux/man-pages/man2/read.2.html, there's just a bit of wrapping necessary: nothrow @trusted @nogc ssize_t read(int fd, ubyte[] buf) { return read(fd, buf.ptr,

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 12:46 PM, Kagamin wrote: On Tuesday, 25 July 2017 at 15:12:30 UTC, Steven Schveighoffer wrote: I think signalfd can be marked @trusted, as @safe code supports pointing at a single element. What about functions that take zero terminated strings? Are they ok to read past the end of

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 12:14 PM, Kagamin wrote: While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047 Looks fine to me. That's not an array of FILE, it's a single pointer. -Steve

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 15:12:30 UTC, Steven Schveighoffer wrote: I think signalfd can be marked @trusted, as @safe code supports pointing at a single element. What about functions that take zero terminated strings? Are they ok to read past the end of allocated object?

Re: all OS functions should be "nothrow @trusted @nogc"

While we're at it, check this: https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 11:26 AM, Andrei Alexandrescu wrote: About http://man7.org/linux/man-pages/man2/read.2.html, there's just a bit of wrapping necessary: nothrow @trusted @nogc ssize_t read(int fd, ubyte[] buf) { return read(fd, buf.ptr, buf.length); } (btw void[] doesn't work) [snip] A

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote: On 25/07/17 17:24, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. Since you explicitly state *all* OS functions: nothrow: Should be OK (only callbacks

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 10:43 AM, ag0aep6g wrote: On 07/25/2017 04:32 PM, Shachar Shemesh wrote: And, indeed, the code calling "read" shouldn't be able to do that as @safe. Read itself, however, is trusted (because, let's face it, if you cannot trust the kernel, you're screwed anyways). That's not how

Re: all OS functions should be "nothrow @trusted @nogc"

On 7/25/17 10:27 AM, Shachar Shemesh wrote: On 25/07/17 17:12, Stefan Koch wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 14:32:18 UTC, Shachar Shemesh wrote: On 25/07/17 17:11, ag0aep6g wrote: On 07/25/2017 03:50 PM, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 04:32 PM, Shachar Shemesh wrote: And, indeed, the code calling "read" shouldn't be able to do that as @safe. Read itself, however, is trusted (because, let's face it, if you cannot trust the kernel, you're screwed anyways). That's not how `@trusted` works. The point of

Re: all OS functions should be "nothrow @trusted @nogc"

On 25/07/17 17:24, Moritz Maxeiner wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. Since you explicitly state *all* OS functions: nothrow: Should be OK (only callbacks could violate this and they should be nothrow, anyway).

Re: all OS functions should be "nothrow @trusted @nogc"

On 25/07/17 17:11, ag0aep6g wrote: On 07/25/2017 03:50 PM, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a couple

Re: all OS functions should be "nothrow @trusted @nogc"

On 25/07/17 17:12, Stefan Koch wrote: On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I simply cannot call "signalfd" and

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. Since you explicitly state *all* OS functions: nothrow: Should be OK (only callbacks could violate this and they should be nothrow, anyway). @trusted: This can only be done for those functions

Re: all OS functions should be "nothrow @trusted @nogc"

On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a couple from my most

Re: all OS functions should be "nothrow @trusted @nogc"

On 07/25/2017 03:50 PM, Shachar Shemesh wrote: The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a couple from my most recent history) from

all OS functions should be "nothrow @trusted @nogc"

The title really does says it all. I keep copying OS function declarations into my code, just so I can add those attributes to them. Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a couple from my most recent history) from @safe code. I can try and set up a PR when I