October 17, 2013 - Safe mode in D?

Hi I heard that you can pass a command line argument to make D safe. Like 0 chance of memory corruption and such. I tried looking here http://dlang.org/dmd-linux.html but I couldn't figure it out. If it matters I'm on windows using the latest until a new version came out ~3 weeks ago
October 17, 2013 - Re: Safe mode in D?
Posted in reply to DDD

On Thursday, 17 October 2013 at 22:56:04 UTC, DDD wrote:
> Hi I heard that you can pass a command line argument to make D safe.

I don't think the command line argument is available anymore, instead it uses a function level annotation @safe

So, on the function you want, you put it down and then that function can only do memory safe operations and only call other @safe, or manually verified @trusted functions.

To get it site wide, you can put it on main:

@safe void main() {
    // memory safe function
}

Note that not all standard library functions are properly marked @safe, so not all stdlib functions will be available. Notably, writeln() in std.stdio is not marked safe... you can work around it by making a @trusted writeln as described here

http://stackoverflow.com/questions/19413340/escaping-safety-with-debug-statements
October 17, 2013 - Re: Safe mode in D?
Posted in reply to Adam D. Ruppe

On Thursday, 17 October 2013 at 23:03:52 UTC, Adam D. Ruppe wrote:
> On Thursday, 17 October 2013 at 22:56:04 UTC, DDD wrote:
>> Hi I heard that you can pass a command line argument to make D safe.
>
> I don't think the command line argument is available anymore, instead it uses a function level annotation @safe
>
> So, on the function you want, you put it down and then that function can only do memory safe operations and only call other @safe, or manually verified @trusted functions.
>
> To get it site wide, you can put it on main:
>
> @safe void main() {
> // memory safe function
> }
>
>
> Note that not all standard library functions are properly marked @safe, so not all stdlib functions will be available. Notably, writeln() in std.stdio is not marked safe... you can work around it by making a @trusted writeln as described here
>
> http://stackoverflow.com/questions/19413340/escaping-safety-with-debug-statements

Is there a way to make everything safe by default and give me a compile error if it isn't?
October 17, 2013 - Re: Safe mode in D?
Posted in reply to DDD

On 10/17/2013 03:56 PM, DDD wrote:
> Hi I heard that you can pass a command line argument to make D safe.
> Like 0 chance of memory corruption and such. I tried looking here
> http://dlang.org/dmd-linux.html but I couldn't figure it out. If it
> matters I'm on windows using the latest until a new version came out
> ~3weeks ago

An example to complement Adam D. Ruppe's answer:

/* @system is the default */
@system void can_do_anything()
{
    int a;
    int * p = &a;
}

/* Must be @trusted to be able to call functions that are safe but not marked
 * as such. */
@trusted void bridge_between_safe_and_actually_safe()
{
    safe_but_not_marked_as_such();
}

@safe void safeD_function()
{
    int a;
    // CANNOT BE COMPILED:
    // int * p = &a;

    // Can call @trusted from @safe
    bridge_between_safe_and_actually_safe();
}

void safe_but_not_marked_as_such()
{}

void main()
{
    can_do_anything();
    bridge_between_safe_and_actually_safe();
    safeD_function();
}

Ali

P.S. There is also the D.learn newsgroup. ;)
October 17, 2013 - Re: Safe mode in D?
Posted in reply to DDD

On Thursday, 17 October 2013 at 23:08:12 UTC, DDD wrote:
> Is there a way to make everything safe by default and give me a compile error if it isn't?

Not exactly. The closest you can get is putting @safe on main, because then everything you call in the whole program would be forced to be safe too (because @safe main won't be allowed to call unsafe (@system) functions, all the way down the chain, this is caught at compile time btw), or you can put @safe: at the top of your file, then it will apply to everything beneath it in the whole module.
October 17, 2013 - Re: Safe mode in D?
Posted in reply to Ali Çehreli

On Thursday, 17 October 2013 at 23:08:13 UTC, Ali Çehreli wrote:
> On 10/17/2013 03:56 PM, DDD wrote:
>> Hi I heard that you can pass a command line argument to make D safe.
>> Like 0 chance of memory corruption and such. I tried looking here
>> http://dlang.org/dmd-linux.html but I couldn't figure it out. If it
>> matters I'm on windows using the latest until a new version came out
>> ~3weeks ago
>
> An example to complement Adam D. Ruppe's answer:
>
> /* @system is the default */
> @system void can_do_anything()
> {
> int a;
> int * p = &a;
> }
>
> /* Must be @trusted to be able to call function that are safe but not marked
> * as such. */
> @trusted void bridge_between_safe_and_actually_safe()
> {
> safe_but_not_marked_as_such();
> }
>
> @safe void safeD_function()
> {
> int a;
> // CANNOT BE COMPILED:
> // int * p = &a;
>
> // Can call @trusted from @safe
> bridge_between_safe_and_actually_safe();
> }
>
> void safe_but_not_marked_as_such()
> {}
>
> void main()
> {
> can_do_anything();
> bridge_between_safe_and_actually_safe();
> safeD_function();
> }
>
> Ali
>
> P.S. There is also the D.learn newsgroup. ;)

I tried this code and the compiler allowed it (runtime I get object.Error: Access Violation). What am I doing wrong?

Thanks I didn't notice

@safe
import std.stdio;
class A {
    int x = 1;
}
@safe void main() {
    A a;
    a.x=9;
}
October 17, 2013 - Re: Safe mode in D?
Posted in reply to DDD

On Thursday, 17 October 2013 at 23:18:21 UTC, DDD wrote:
> I tried this code and the compiler allowed it (runtime I get object.Error: Access Violation). What am I doing wrong?
>
> Thanks I didn't notice
>
> @safe
> import std.stdio;
> class A {
> int x = 1;
> }
> @safe void main() {
> A a;
> a.x=9;
> }

This is more or less a different thing. SafeD doesn't guarantee that your class references will not be null. Trying to call a method on a null reference is perfectly valid in SafeD. There's a pull request sitting in GitHub for a NotNull type that should be reasonably good for ensuring that your references are not null, but it hasn't been pulled yet.
October 17, 2013 - Re: Safe mode in D?
Posted in reply to Meta

An addendum: this is what SafeD guarantees. http://dlang.org/safed.html
October 17, 2013 - Re: Safe mode in D?
Posted in reply to DDD

On Thursday, 17 October 2013 at 23:18:21 UTC, DDD wrote:
> I tried this code and the compiler allowed it (runtime I get object.Error: Access Violation). What am I doing wrong?

D doesn't consider null pointer dereference to be unsafe, since its behavior is predictable (the hardware will catch it and kill the program). This btw is arguably wrong, since dereferencing a large null object can potentially overwrite other stuff, but it is how it is right now.

@safe prohibits casting ints to pointers, doing pointer arithmetic, and other similar things that can create hard to find bugs and other undefined behavior.
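An added example, not code posted in the thread, that puts the replies above together in one module: `@safe:` at the top of the file as Adam describes, the operations @safe rejects (taking the address of a local, pointer arithmetic, casting an int to a pointer), the null-reference case it accepts, and a @trusted bridge into @system code. It assumes dmd with default settings; the commented-out lines are the ones the compiler refuses.

```d
// Added example, not from the thread. Assumes dmd with default settings.
module safe_demo;

@safe:   // everything below is @safe unless explicitly marked otherwise

import std.stdio;

class A { int x = 1; }

// Operations @safe rejects at compile time; each commented line is an
// error if uncommented.
void rejected()
{
    int a;
    // int* p = &a;                // error: cannot take address of local in @safe
    // p += 1;                     // error: pointer arithmetic not allowed in @safe
    // auto q = cast(int*) 0x1000; // error: cast from int to int* not allowed in @safe
}

// @safe accepts this, but it is a null dereference at runtime
// (Access Violation on Windows, segfault on Linux), exactly as in the thread.
void acceptedButCrashes()
{
    A a;          // class references default to null
    // a.x = 9;   // compiles under @safe; crashes when executed
}

// Explicit @system overrides the module-level @safe: for this one function.
@system void systemOnly()
{
    int a;
    int* p = &a;  // fine in @system
    *p = 1;
}

// @trusted is the manually verified bridge that @safe code may call.
@trusted void bridge() { systemOnly(); }

void main()
{
    rejected();
    acceptedButCrashes();
    // systemOnly();  // error: @safe function 'main' cannot call @system function
    bridge();
    // writeln was not @safe at the time of the thread; wrap the call in a
    // @trusted lambda, the workaround Adam links to.
    () @trusted { writeln("safe demo done"); }();
}
```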
October 18, 2013 - Re: Safe mode in D?
Posted in reply to Meta

On Thursday, 17 October 2013 at 23:25:52 UTC, Meta wrote:
> On Thursday, 17 October 2013 at 23:18:21 UTC, DDD wrote:
>> I tried this code and the compiler allowed it (runtime I get object.Error: Access Violation). What am I doing wrong?
>>
>> Thanks I didn't notice
>>
>> @safe
>> import std.stdio;
>> class A {
>> int x = 1;
>> }
>> @safe void main() {
>> A a;
>> a.x=9;
>> }
>
> This is more or less a different thing. SafeD doesn't guarantee that your class references will not be null. Trying to call a method on a null reference is perfectly valid in SafeD. There's a pull request sitting in GitHub for a NotNull type that should be reasonable good for ensuring that your references are not null, but it hasn't been pulled yet.

Actually on linux this will segfault, so in general this is not safe across all platforms.
Copyright © 1999-2021 by the D Language Foundation