On Tuesday, 6 May 2014 at 06:39:19 UTC, Ola Fosheim Grøstad wrote:
a GC friendly set of D constructs where FFI is followed by programmer guaranteed postconditions (specified by library authors).

Btw "postcondition" is the wrong term. In order to be robust you need to specify how far into the GC heap an FFI can go while it is live. Consider callbacks from C to D. You don't know the layout of the stack frame, so you have to scan the stack assuming anything unknown is a pointer.

But that is not sufficient, because the C code may be holding references to the GC heap in a malloc'ed struct. So, you have to scan all reachable malloc'ed memory too.

At the end of the day some discipline is required for system level programming because the robust solutions are very expensive.

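The malloc'ed-struct case from the message above, as an added D example that is not part of the original post: instead of the collector scanning all reachable malloc'ed memory, the one block that stores a GC pointer is registered explicitly with `GC.addRange` from `core.memory`. `CHandle`, `Callback`, `Session`, `onEvent`, `registerSession` and `unregisterSession` are hypothetical names, and the "C side" is simulated in D.

```d
import core.exception : onOutOfMemoryError;
import core.memory : GC;
import core.stdc.stdlib : free, malloc;
import std.stdio : writeln;

// Hypothetical stand-in for a C library handle: malloc'ed, so the GC never scans it by default.
extern (C) alias Callback = void function(void*);

struct CHandle
{
    void* userData; // will point into the D GC heap
    Callback cb;    // invoked "from C"
}

class Session { int hits; }

extern (C) void onEvent(void* p)
{
    // Valid only while the block that stores p is known to the GC.
    (cast(Session) p).hits++;
}

CHandle* registerSession(Session s)
{
    auto h = cast(CHandle*) malloc(CHandle.sizeof);
    if (h is null) onOutOfMemoryError();
    h.userData = cast(void*) s;
    h.cb = &onEvent;
    // Without this call the only reference to s may live in memory the
    // collector never looks at, and s can be freed while C still uses it.
    GC.addRange(h, CHandle.sizeof);
    return h;
}

void unregisterSession(CHandle* h)
{
    GC.removeRange(h); // stop scanning before the memory is released
    free(h);
}

void main()
{
    auto h = registerSession(new Session); // no named D reference is kept
    GC.collect();                          // Session stays reachable through the registered range
    foreach (i; 0 .. 3)
        h.cb(h.userData);
    writeln((cast(Session) h.userData).hits);
    unregisterSession(h);
}
```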