memory-safe-d.dd
Ddoc
$(SPEC_S Memory Safety,
$(P $(I Memory Safety) for a program is defined as it being
impossible for the program to corrupt memory.
Therefore, the safe subset of D consists only of programming
language features that are guaranteed to never result in memory
corruption. See $(LINK2 safed.html, this article) for a rationale.
)
$(P Memory-safe code $(DDSUBLINK function, function-safety, cannot
use certain language features), such as:
$(UL
$(LI Casts that break the type system.)
$(LI Modification of pointer values.)
$(LI Taking the address of a local variable or function parameter.)
)
)
$(H3 Usage)
$(P Memory safety can be enabled on a per-function basis using
the $(DDSUBLINK function, safe-functions, $(D @safe) attribute).
The attribute can be inferred when the compiler has the function body
available. The $(DDSUBLINK function, trusted-functions, $(D @trusted)
attribute) is for a function that has a safe interface but uses
unsafe code internally; the author, not the compiler, is responsible
for verifying that it cannot corrupt memory. $(D @trusted) functions
can be called from $(D @safe) code.
)
$(P Array bounds checks are necessary to enforce memory safety, so
these are enabled (by default) for $(D @safe) code even in $(B
-release) mode.
)
$(H3 Limitations)
$(P Memory safety does not imply that code is portable, uses only
sound programming practices, or is free of byte-order dependencies
or other bugs. It focuses only on eliminating the possibility of
memory corruption.
)
)
Macros:
TITLE=Memory-Safe-D-Spec
WIKI=SafeDSpec
CATEGORY_SPEC=$0