This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Safety annotations for unsafe-by-fiat functions
- From: Alexandre Oliva <aoliva at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 09 Jun 2015 15:18:12 -0300
- Subject: Re: Safety annotations for unsafe-by-fiat functions
- Authentication-results: sourceware.org; auth=none
- References: <5555F006 dot 80900 at redhat dot com>
On May 15, 2015, Florian Weimer <fweimer@redhat.com> wrote:
> In some cases, we have functions which have safety properties as an
> accident of implementation, but we might want to reserve the right to
> turn them into unsafe functions later. Is there a way to express
> this in the annotations?
So far, the annotations only state properties of the implementation, and
the documentation that introduces them says so. We envision them to
transition to a non-preliminary form in which they state commitments, at
which point we should decide whether we want to promise safety even
though it's not required by standards, and even though it's just an
accident of the implementation. I guess at that point we may have to
introduce a new macro to convey this intent. Answering your question,
there isn't a convention on how to express it right now.
--
Alexandre Oliva, freedom fighter http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer