FFISafe
public protocol FFISafeMarker protocol for types that can cross an @extern(.C) boundary.
FFISafe is empty — conformance is purely a contract that the
type's in-memory layout matches what a C function expects.
Conformance is not automatically transitive at the type level:
the compiler checks FFISafe constraints separately on each
generic instantiation. The conformance rules:
- Primitive numeric types and
Boolconform automatically. Pointer[T]conforms iffT: FFISafe.- Tuples of
FFISafetypes conform. - User structs may opt in (
struct Foo: FFISafe); every field must itself beFFISafe.
String and other heap-managed types do not conform — convert
at the boundary with String.toCString() and pass CString.
Examples
struct Point: FFISafe { var x: Int32; var y: Int32 }
@extern(.C, mangleName: "process_point")
func processPoint(p: Point) -> Int32Defined in lang/std/ffi/ffi.ks