This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Safety annotations for unsafe-by-fiat functions

From: Alexandre Oliva <aoliva at redhat dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Tue, 09 Jun 2015 15:18:12 -0300
Subject: Re: Safety annotations for unsafe-by-fiat functions
Authentication-results: sourceware.org; auth=none
References: <5555F006 dot 80900 at redhat dot com>

On May 15, 2015, Florian Weimer <fweimer@redhat.com> wrote:

> In some cases, we have functions which have safety properties as an
> accident of implementation, but we might want to reserve the right to
> turn them into into unsafe functions later.  Is there a way to express
> this in the annotations?

So far, the annotations only state properties of the implementation, and
the documentation that introduces them says so.  We envision them to
transition to a non-preliminary form in which they state commitments, at
which point we should decide whether we want to promise safety even
though it's not required by standards, and even though it's just an
accident of the implementation.  I guess at that point we may have to
introduce a new macro to convey this intent.  Answering your question,
there isn't a convention on how to express it right now.

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]