What are trusted functions in D?

What are trusted functions?

In D, trusted functions are used in scenarios where I/O operations or external and systems calls need to be performed while maintaining memory safety. A trusted function is denoted by the @trusted keyword. 

Example

For example, the following code snippet reads data from a file using the file descriptor fdand saves it into a buffer pointed to by ptr . The size of the buffer is specified by nBytes. Here, read is a system call that will return the number of bytes in the buffer or negative value in case of an error.

We use read to read data in a stack-allocated buffer. However, the following code is not conforming to the memory safety principles:

The trusted attribute

According to memory safety guidelines, a pointer can only point to a single piece of data, (a single ubyte) whileread expects to read multiple bytes in the buffer. Thus writing a safe code using readwill result in a compiler error.

To resolve this issue, D provides a @trusted attribute that tells the compiler that the code marked with this attribute is trusted, and there is no need to check for memory safety.

The D code that solves the above problem looks like this safeRead. This is a function that can be used safely in every case. Thus, it can be marked trusted.

Best Practices

• Before making a function trusted, it must be ensured that the external function is memory safe.
• Evaluation of memory safety of trusted functions reduces only to verify the safety of external functions.
• Adding trusted functions gives programmer flexibility to call external functions but trusted code must be kept small to verify memory safety.
• A compiler cannot determine that a trusted function is safe because it does not have access to the body of external functions.