On Wednesday, 2 August 2017 at 16:32:44 UTC, Andrei Alexandrescu
wrote:
import std.algorithm;
// I probably wouldn't even define this but use the body as is
auto strnlen_safe(in char[] str)
{
return countUntil(cast(ubyte[]) str, '\0');
}
Oh that cast it irks me so.
-Steve
return
import std.algorithm;
// I probably wouldn't even define this but use the body as is
auto strnlen_safe(in char[] str)
{
return countUntil(cast(ubyte[]) str, '\0');
}
Oh that cast it irks me so.
-Steve
return str.representation.countUntil('\0');
Andrei
On Tuesday, 1 August 2017 at 22:52:26 UTC, H. S. Teoh wrote:
On Tue, Aug 01, 2017 at 06:46:17PM -0400, Steven Schveighoffer
via Digitalmars-d wrote:
On 8/1/17 6:17 PM, Moritz Maxeiner wrote:
[...]
> import std.algorithm;
> // I probably wouldn't even define this but use the body as
> is
>
On Tue, Aug 01, 2017 at 06:46:17PM -0400, Steven Schveighoffer via
Digitalmars-d wrote:
> On 8/1/17 6:17 PM, Moritz Maxeiner wrote:
[...]
> > import std.algorithm;
> > // I probably wouldn't even define this but use the body as is
> > auto strnlen_safe(in char[] str)
> > {
> > return
On 8/1/17 6:17 PM, Moritz Maxeiner wrote:
On Tuesday, 1 August 2017 at 21:59:46 UTC, Steven Schveighoffer wrote:
On 8/1/17 5:54 PM, Moritz Maxeiner wrote:
On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote:
Am Tue, 1 Aug 2017 10:50:59 -0700
schrieb "H. S. Teoh via Digitalmars-d"
On Tuesday, 1 August 2017 at 21:59:46 UTC, Steven Schveighoffer
wrote:
On 8/1/17 5:54 PM, Moritz Maxeiner wrote:
On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote:
Am Tue, 1 Aug 2017 10:50:59 -0700
schrieb "H. S. Teoh via Digitalmars-d"
:
On Tue, Aug
On 8/1/17 5:54 PM, Moritz Maxeiner wrote:
On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote:
Am Tue, 1 Aug 2017 10:50:59 -0700
schrieb "H. S. Teoh via Digitalmars-d"
:
On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote:
> Direct OS
On Tuesday, 1 August 2017 at 20:39:35 UTC, Marco Leise wrote:
Am Tue, 1 Aug 2017 10:50:59 -0700
schrieb "H. S. Teoh via Digitalmars-d"
:
On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via
Digitalmars-d wrote:
> Direct OS function calls should probably all be
On Tue, Aug 01, 2017 at 10:39:35PM +0200, Marco Leise via Digitalmars-d wrote:
> Am Tue, 1 Aug 2017 10:50:59 -0700
> schrieb "H. S. Teoh via Digitalmars-d"
> :
>
> > On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote:
> > > Direct OS function calls
Am Tue, 1 Aug 2017 10:50:59 -0700
schrieb "H. S. Teoh via Digitalmars-d"
:
> On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote:
> > Direct OS function calls should probably all be treated as unsafe,
> > except for rare cases where the behaviour is
On Tue, Aug 01, 2017 at 05:12:38PM +, w0rp via Digitalmars-d wrote:
> Direct OS function calls should probably all be treated as unsafe,
> except for rare cases where the behaviour is very well defined in
> standards and in actual implementations to be safe. The way to get
> safe functions for
Direct OS function calls should probably all be treated as
unsafe, except for rare cases where the behaviour is very well
defined in standards and in actual implementations to be safe.
The way to get safe functions for OS functionality is to write
wrapper functions in D which prohibit unsafe
On Monday, 31 July 2017 at 13:56:48 UTC, Shachar Shemesh wrote:
One of the things that really bother me with the D community is
the "100% or nothing" approach.
In the worst case when a function becomes unsafe, only @safe
attribute will be removed from it, which will be a breaking
change, but
On Monday, 31 July 2017 at 14:51:22 UTC, Timon Gehr wrote:
On 31.07.2017 16:15, Shachar Shemesh wrote:
That's fine, but since, according to the logic presented here,
no OS function can ever be @safe,
This is actually not true. Vladimir was just pointing out a
complication of which to be
On 31.07.2017 16:15, Shachar Shemesh wrote:
Why do you think @trusted exists?
That's fine, but since, according to the logic presented here, no OS
function can ever be @safe,
This is actually not true. Vladimir was just pointing out a complication
of which to be aware. Are you arguing
On 31/07/17 17:08, Timon Gehr wrote:
On 31.07.2017 15:56, Shachar Shemesh wrote:
One of the things that really bother me with the D community is the
"100% or nothing" approach.
...
Personally, I'm more bothered by this kind of lazy argument that sounds
good but has no substance.
System
On 31.07.2017 15:56, Shachar Shemesh wrote:
One of the things that really bother me with the D community is the
"100% or nothing" approach.
...
Personally, I'm more bothered by this kind of lazy argument that sounds
good but has no substance.
System programming is, by definition, an
On 31/07/17 16:33, Vladimir Panteleev wrote:
On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote:
On 7/26/2017 6:29 AM, Kagamin wrote:
Should we still try to mark them safe at all?
Marking ones that are safe with @safe is fine. OS APIs pretty much
never change.
Sometimes
On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote:
On 7/26/2017 6:29 AM, Kagamin wrote:
Should we still try to mark them safe at all?
Marking ones that are safe with @safe is fine. OS APIs pretty
much never change.
Sometimes operating systems add new flags to their API which
There's a less questionable problem with it.
Hint: FILE struct is transparent, look inside it, lots of
interesting stuff there.
On Friday, 28 July 2017 at 12:40:06 UTC, Kagamin wrote:
On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote:
On 7/26/2017 6:29 AM, Kagamin wrote:
Should we still try to mark them safe at all?
Marking ones that are safe with @safe is fine. OS APIs pretty
much never change.
New
On Wednesday, 26 July 2017 at 17:48:21 UTC, Walter Bright wrote:
On 7/26/2017 6:29 AM, Kagamin wrote:
Should we still try to mark them safe at all?
Marking ones that are safe with @safe is fine. OS APIs pretty
much never change.
New technologies and new features get introduced over time:
On 2017-07-27 13:46, Steven Schveighoffer wrote:
So the result is that it will segfault. I don't see a problem with this.
It's what I would have expected.
The problem is that behavior might change depending on which compiler is
used because the code is not valid according to the
On 07/25/2017 10:54 PM, Walter Bright wrote:
On 7/25/2017 8:26 AM, Andrei Alexandrescu wrote:
A suite of safe wrappers on OS primitives might be useful.
The idea of fixing the operating system interface(s) has come up now and
then. I've tried to discourage that on the following grounds:
*
On Thursday, 27 July 2017 at 14:45:03 UTC, Steven Schveighoffer
wrote:
On 7/27/17 10:20 AM, Moritz Maxeiner wrote:
On Thursday, 27 July 2017 at 13:56:00 UTC, Steven
Schveighoffer wrote:
I'm fine with saying libraries or platforms that do not
segfault when accessing zero page are incompatible
On Thursday, 27 July 2017 at 11:46:24 UTC, Steven Schveighoffer
wrote:
On 7/27/17 2:48 AM, Jacob Carlborg wrote:
And then the compiler runs the "Dead Code Elimination" pass
and we're left with:
void contains_null_check(int* p)
{
*p = 4;
}
So the result is that it will segfault. I don't
On 7/27/17 10:20 AM, Moritz Maxeiner wrote:
On Thursday, 27 July 2017 at 13:56:00 UTC, Steven Schveighoffer wrote:
On 7/27/17 9:24 AM, Moritz Maxeiner wrote:
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote:
I think we can correctly assume no fclose implementations exist
On Thursday, 27 July 2017 at 13:56:00 UTC, Steven Schveighoffer
wrote:
On 7/27/17 9:24 AM, Moritz Maxeiner wrote:
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven
Schveighoffer wrote:
I think we can correctly assume no fclose implementations
exist that do anything but access data pointed at
On Thursday, 27 July 2017 at 13:45:21 UTC, ag0aep6g wrote:
On 07/27/2017 03:24 PM, Moritz Maxeiner wrote:
--- null.d ---
version (linux):
import core.stdc.stdio : FILE;
import core.sys.linux.sys.mman;
extern (C) @safe int fgetc(FILE* stream);
void mmapNull()
{
void* mmapNull =
On 7/27/17 9:24 AM, Moritz Maxeiner wrote:
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote:
I think we can correctly assume no fclose implementations exist that
do anything but access data pointed at by stream. Which means a
segfault on every platform we support.
On
On 07/27/2017 03:24 PM, Moritz Maxeiner wrote:
--- null.d ---
version (linux):
import core.stdc.stdio : FILE;
import core.sys.linux.sys.mman;
extern (C) @safe int fgetc(FILE* stream);
void mmapNull()
{
void* mmapNull = mmap(null, 4096, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer
wrote:
On 7/25/17 8:45 PM, Timon Gehr wrote:
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven
Schveighoffer wrote:
The behavior is
On 07/27/2017 07:27 AM, Timon Gehr wrote:
On 27.07.2017 02:11, Steven Schveighoffer wrote:
On 7/26/17 7:56 PM, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB
On 7/27/17 7:27 AM, Timon Gehr wrote:
On 27.07.2017 02:11, Steven Schveighoffer wrote:
On 7/26/17 7:56 PM, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB when
On 7/27/17 2:48 AM, Jacob Carlborg wrote:
And then the compiler runs the "Dead Code Elimination" pass and we're
left with:
void contains_null_check(int* p)
{
*p = 4;
}
So the result is that it will segfault. I don't see a problem with this.
It's what I would have expected.
-Steve
On 27.07.2017 02:11, Steven Schveighoffer wrote:
On 7/26/17 7:56 PM, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB when stream is NULL (as in Timon's
example).
On 2017-07-27 03:14, Steven Schveighoffer wrote:
I can't see how compilers can take advantage of this one. However, we
can take advantage that this UB is almost universally implemented as a
hardware segfault that ends the process.
Unfortunately it's not that easy with optimizing compilers
On 7/26/17 8:09 PM, Timon Gehr wrote:
On 27.07.2017 01:56, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB when stream is NULL (as in Timon's
example).
My
On 7/26/17 7:56 PM, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB when stream is NULL (as in Timon's
example). Either they check for null, and handle gracefully,
On 27.07.2017 01:56, Andrei Alexandrescu wrote:
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations
exist that intentionally cause UB when stream is NULL (as in Timon's
example).
My argument was not that we need to fear
On 07/26/2017 06:16 PM, Steven Schveighoffer wrote:
So I guess I should restate that we can assume no implementations exist
that intentionally cause UB when stream is NULL (as in Timon's example).
Either they check for null, and handle gracefully, or don't check and
segfault.
No need to
On 7/26/17 12:08 PM, Patrick Schluter wrote:
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer wrote:
On 7/25/17 8:45 PM, Timon Gehr wrote:
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC,
On 7/26/2017 6:29 AM, Kagamin wrote:
Should we still try to mark them safe at all?
Marking ones that are safe with @safe is fine. OS APIs pretty much never change.
On 7/26/2017 3:14 AM, Timon Gehr wrote:
On 26.07.2017 05:02, Walter Bright wrote:
The implementation checks for fp being NULL and returns EOF if it is.
The C mindset is that this check is a waste of precious processing resources and
morally wrong, as only a fool would pass NULL anyway, and
On Wednesday, 26 July 2017 at 03:16:44 UTC, Walter Bright wrote:
On 7/25/2017 6:09 PM, Steven Schveighoffer wrote:
Likewise, because D depends on hardware flagging of
dereferencing null as a segfault, any platforms that *don't*
have that for C also won't have it for D. And then @safe
doesn't
On Wednesday, 26 July 2017 at 01:09:50 UTC, Steven Schveighoffer
wrote:
On 7/25/17 8:45 PM, Timon Gehr wrote:
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven
Schveighoffer wrote:
The behavior is
On Wednesday, 26 July 2017 at 02:54:34 UTC, Walter Bright wrote:
* Operating system APIs grow like weeds. We'd set ourselves an
impossible task.
It is worthwhile, however, to augment the APIs with the
appropriate attributes like @nogc, scope, nothrow, @safe (for
the ones that are), etc.
On Tuesday, 25 July 2017 at 18:36:35 UTC, Moritz Maxeiner wrote:
fgetc cannot be @trusted the same way fclose cannot be @trusted.
If you pass either of them `null` - which constitutes a legal
@safe context - the behaviour is undefined, which contradicts
@trusted definition:
exhibit any
On 7/26/17 7:55 AM, Timon Gehr wrote:
On 26.07.2017 13:22, Steven Schveighoffer wrote:
On 7/26/17 6:01 AM, Timon Gehr wrote:
On 26.07.2017 03:09, Steven Schveighoffer wrote:
...
In other words, I think we can assume for any C functions that are
passed pointers that dereference those
On 26.07.2017 13:22, Steven Schveighoffer wrote:
On 7/26/17 6:01 AM, Timon Gehr wrote:
On 26.07.2017 03:09, Steven Schveighoffer wrote:
...
In other words, I think we can assume for any C functions that are
passed pointers that dereference those pointers, passing null is
safely going to
On 7/26/17 6:01 AM, Timon Gehr wrote:
On 26.07.2017 03:09, Steven Schveighoffer wrote:
On 7/25/17 8:45 PM, Timon Gehr wrote:
...
What Moritz is saying is that the following implementation of fclose
is correct according to the C standard:
int fclose(FILE *stream){
if(stream == NULL){
On 7/26/17 3:05 AM, Shachar Shemesh wrote:
On 25/07/17 18:26, Andrei Alexandrescu wrote:
(btw void[] doesn't work)
Can you expand on this point?
Shachar
Because anything casts to void[] implicitly.
e.g.:
void main() @safe
{
int *[] arr = new int*[5];
read(0, arr); // reading raw
On 26.07.2017 05:02, Walter Bright wrote:
On 7/25/2017 5:56 PM, Andrei Alexandrescu wrote:
I'd think that would be the case, but failed to find a fgetc
implementation that mentions it's undefined for a null FILE*. Is there
a link? Thx. -- Andrei
The documentation for DMC++ fgetc() is:
On 26.07.2017 02:56, Andrei Alexandrescu wrote:
What Moritz is saying is that the following implementation of fclose
is correct according to the C standard:
int fclose(FILE *stream){
if(stream == NULL){
return go_wild_and_corrupt_all_the_memory();
}else{
return
On 26.07.2017 03:09, Steven Schveighoffer wrote:
On 7/25/17 8:45 PM, Timon Gehr wrote:
...
What Moritz is saying is that the following implementation of fclose
is correct according to the C standard:
int fclose(FILE *stream){
if(stream == NULL){
return
On Wednesday, 26 July 2017 at 06:44:51 UTC, Shachar Shemesh wrote:
On 25/07/17 18:29, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh
wrote:
On 25/07/17 17:24, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh
wrote:
The title
On Wednesday, 26 July 2017 at 00:35:13 UTC, Steven Schveighoffer
wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer
wrote:
The behavior is defined. It will crash with a segfault.
In C land that behaviour is a platform
On 25/07/17 18:26, Andrei Alexandrescu wrote:
(btw void[] doesn't work)
Can you expand on this point?
Shachar
On 25/07/17 18:29, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote:
On 25/07/17 17:24, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all.
Since you explicitly state *all* OS
On 7/25/2017 6:09 PM, Steven Schveighoffer wrote:
Likewise, because D depends on hardware flagging of dereferencing null as a
segfault, any platforms that *don't* have that for C also won't have it for D.
And then @safe doesn't even work in D code either.
I spent 10 years programming on DOS
On 7/25/2017 5:56 PM, Andrei Alexandrescu wrote:
I'd think that would be the case, but failed to find a fgetc implementation that
mentions it's undefined for a null FILE*. Is there a link? Thx. -- Andrei
The documentation for DMC++ fgetc() is:
https://digitalmars.com/rtl/stdio.html#fgetc
On 7/25/2017 8:26 AM, Andrei Alexandrescu wrote:
A suite of safe wrappers on OS primitives might be useful.
The idea of fixing the operating system interface(s) has come up now and then.
I've tried to discourage that on the following grounds:
* We are not in the operating system business.
On 7/25/17 8:45 PM, Timon Gehr wrote:
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote:
The behavior is defined. It will crash with a segfault.
In C land that behaviour is a
On 07/25/2017 08:45 PM, Timon Gehr wrote:
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote:
The behavior is defined. It will crash with a segfault.
In C land that behaviour is a
On 26.07.2017 02:45, Timon Gehr would have liked to have written:
...
What Moritz is saying is that the following implementation of fclose is
correct according to the C standard:
int fclose(FILE *stream){
if(stream == NULL){
return go_wild_and_corrupt_all_the_memory();
On 26.07.2017 02:35, Steven Schveighoffer wrote:
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote:
The behavior is defined. It will crash with a segfault.
In C land that behaviour is a platform (hardware/OS/libc) specific
On 7/25/17 5:23 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer wrote:
The behavior is defined. It will crash with a segfault.
In C land that behaviour is a platform (hardware/OS/libc) specific
implementation detail (it's what you generally expect to
On Tuesday, 25 July 2017 at 20:16:41 UTC, Steven Schveighoffer
wrote:
On 7/25/17 2:36 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer
wrote:
On 7/25/17 12:14 PM, Kagamin wrote:
While we're at it, check this:
On 7/25/17 2:36 PM, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer wrote:
On 7/25/17 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
Looks fine to me. That's not an
On Tuesday, 25 July 2017 at 18:07:06 UTC, Steven Schveighoffer
wrote:
On 7/25/17 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
Looks fine to me. That's not an array of FILE, it's a single
pointer.
fgetc
On 07/25/2017 02:20 PM, Steven Schveighoffer wrote:
On 7/25/17 2:14 PM, Andrei Alexandrescu wrote:
On 07/25/2017 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
That might be a mistake. Is fclose(f); getc(f);
On 7/25/17 2:14 PM, Andrei Alexandrescu wrote:
On 07/25/2017 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
That might be a mistake. Is fclose(f); getc(f); defined? -- Andrei
fclose is not @safe.
The charter
On 07/25/2017 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
That might be a mistake. Is fclose(f); getc(f); defined? -- Andrei
On 07/25/2017 11:50 AM, Steven Schveighoffer wrote:
On 7/25/17 11:26 AM, Andrei Alexandrescu wrote:
About http://man7.org/linux/man-pages/man2/read.2.html, there's just a
bit of wrapping necessary:
nothrow @trusted @nogc
ssize_t read(int fd, ubyte[] buf)
{
return read(fd, buf.ptr,
On 7/25/17 12:46 PM, Kagamin wrote:
On Tuesday, 25 July 2017 at 15:12:30 UTC, Steven Schveighoffer wrote:
I think signalfd can be marked @trusted, as @safe code supports
pointing at a single element.
What about functions that take zero terminated strings? Are they ok to
read past the end of
On 7/25/17 12:14 PM, Kagamin wrote:
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
Looks fine to me. That's not an array of FILE, it's a single pointer.
-Steve
On Tuesday, 25 July 2017 at 15:12:30 UTC, Steven Schveighoffer
wrote:
I think signalfd can be marked @trusted, as @safe code supports
pointing at a single element.
What about functions that take zero terminated strings? Are they
ok to read past the end of allocated object?
While we're at it, check this:
https://github.com/dlang/druntime/blob/master/src/core/stdc/stdio.d#L1047
On 7/25/17 11:26 AM, Andrei Alexandrescu wrote:
About http://man7.org/linux/man-pages/man2/read.2.html, there's just a
bit of wrapping necessary:
nothrow @trusted @nogc
ssize_t read(int fd, ubyte[] buf)
{
return read(fd, buf.ptr, buf.length);
}
(btw void[] doesn't work)
[snip]
A
On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote:
On 25/07/17 17:24, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh
wrote:
The title really does says it all.
Since you explicitly state *all* OS functions:
nothrow: Should be OK (only callbacks
On 07/25/2017 10:43 AM, ag0aep6g wrote:
On 07/25/2017 04:32 PM, Shachar Shemesh wrote:
And, indeed, the code calling "read" shouldn't be able to do that as
@safe. Read itself, however, is trusted (because, let's face it, if
you cannot trust the kernel, you're screwed anyways).
That's not how
On 7/25/17 10:27 AM, Shachar Shemesh wrote:
On 25/07/17 17:12, Stefan Koch wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to
them. Otherwise I
On Tuesday, 25 July 2017 at 14:32:18 UTC, Shachar Shemesh wrote:
On 25/07/17 17:11, ag0aep6g wrote:
On 07/25/2017 03:50 PM, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes
to them. Otherwise I
On 07/25/2017 04:32 PM, Shachar Shemesh wrote:
And, indeed, the code calling "read" shouldn't be able to do that as
@safe. Read itself, however, is trusted (because, let's face it, if you
cannot trust the kernel, you're screwed anyways).
That's not how `@trusted` works. The point of
On 25/07/17 17:24, Moritz Maxeiner wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all.
Since you explicitly state *all* OS functions:
nothrow: Should be OK (only callbacks could violate this and they should
be nothrow, anyway).
On 25/07/17 17:11, ag0aep6g wrote:
On 07/25/2017 03:50 PM, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to them.
Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a
couple
On 25/07/17 17:12, Stefan Koch wrote:
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to them.
Otherwise I simply cannot call "signalfd" and
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all.
Since you explicitly state *all* OS functions:
nothrow: Should be OK (only callbacks could violate this and they
should be nothrow, anyway).
@trusted: This can only be done for those functions
On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes
to them. Otherwise I simply cannot call "signalfd" and
"sigemptyset" (to name a couple from my most
On 07/25/2017 03:50 PM, Shachar Shemesh wrote:
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to them.
Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a
couple from my most recent history) from
The title really does says it all. I keep copying OS function
declarations into my code, just so I can add those attributes to them.
Otherwise I simply cannot call "signalfd" and "sigemptyset" (to name a
couple from my most recent history) from @safe code.
I can try and set up a PR when I
91 matches
Mail list logo