A note on safety¶
Tinlok has two concepts of safety: system call safety, and API safety.
System call safety¶
Tinlok is built upon calls to
libc (on POSIX platforms) or the Windows API (on Windows
platforms). These calls are easy to misuse, can corrupt memory, and can generally ruin your day,
so KNSTE hides them behind platform-specific objects with all functions marked as
There is no common abstraction for these unsafe calls; only the safe wrappers around them.
Some common APIs are marked as unsafe, for varying reasons:
Easy to misuse
Some common APIs require extra setup before they can be used properly, or can corrupt memory, or other similarly evil things.
Kotlin/Native has no concept of finalisers. This means that opening a file without making sure you close it later on will leak that file descriptor, permanently.
The safety barrier is enforced by Kotlin’s
OptIn system, and the
All consumers of unsafe APIs must mark their caller as
to use unsafe APIs. Many of Tinlok’s APIs guard unsafe APIs in safe functions so it should be
very rare to ever need to use
@Unsafe functions directly.