Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

dlang

What are safe functions in D?

Tahreem Yasir

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Overview

Safe functions in the D ensure memory safety by using safe values, operations, and interfaces inside their body. The @safe keyword marks these functions.

Points to remember

Here are some important points we should note about safe functions in D:

  • Safe functions are free of undefined behaviour. It means they cannot access unallocated or recycled memory.
  • Safe functions cannot manipulate unsafe values from other parts of the program through reference parameters, global variables, or return values.
  • Safe functions are checked at the compile time to ensure that features such as pointer arithmetic and unchecked casts are not present inside their bodies.
  • Safe functions can still throw runtime exceptions, such as uninitialized class objects. However, they are memory-safe because they cannot access unallocated memory.

Example

Let use the famous problem of printing "Hello World" in C. The code for printing "Hello World" is given below, where printf is used for printing a string of characters.:

#include<stdio.h>
int main() {
    printf("hello, world\n");
    return 0;
}
Simple "Hello World" code in C

A variadic function in C—printf

The following code snippet shows the signature of printf accepting several arguments of different types. The details of these arguments are encoded in the format string. Thus, printf is a variadic function, where ... represents optional parameters. It it can take an indeterminate number of arguments.

int printf (const char * restrict format, ...); 
Signature of printf in C

Let's understand this concept using the code below, which prints different combinations of strings and integers. The following code explains that printf needs at least one string argument followed by 0 or more arguments of different types, the details of which are encoded in format:

#include<stdio.h>
int main() {
    char myString[ ] = "hello World";
    int myInt = 0;
    printf("This is a string: %s", myString);
    printf("\nThis is a string: %s and an int: %d", myString, myInt);
    return 0;
}

Why printf is unsafe in C

Here are some reasons why printf is unsafe in C:

  • The match between the format string and argument list does not occur at the compile time.
  • Calling printf with too few arguments does not always give a warning but, as per standard C guidelines, it can result in undefined behavior.
  • Undefined behaviour can result in execution in a compromised state or even execution of malicious code.
  • Using a pointer * format also violates the principle of memory safety.

In the above example, * format points to a null-terminated string. So, it does not result in compromised code. Thus, the programmer must ensure that any pointer should point to a valid piece of data.

Now let's see an equivalent safe function in D:

import std.stdio;

void main()
{
    writeln("Hello, World!");
}
"Hello World" in D

Why writeln is safe in D

Here are some reasons why writeln is safe in D:

  • It receives a variable number of arguments of various types. However, a separate template is saved with the compiler for each signature.
  • Further memory safety of writeln is ensured at compile-time using code templates while dealing with a variable number of arguments using tuples.
  • In this example, writeln is called with a single string type argument. Strings in D are not pointers, but immutable char arrays (a safe subset of D).

Limitations of safe functions

Here are some limitations of safe functions in D:

  • Safe functions have several restrictions that make it difficult to write helpful code with only safe functions.
  • Safe functions cannot perform I/O operations or use system calls.
  • Safe functions cannot call external functions.

RELATED TAGS

dlang

CONTRIBUTOR

Tahreem Yasir
Copyright ©2022 Educative, Inc. All rights reserved

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Keep Exploring