nogc v0.5.0 - DIP1008 works!
anonymous at example.com
Mon May 27 09:48:27 UTC 2019
On 27.05.19 10:54, Atila Neves wrote:
> I don't see the problem here. This example would throw RangeError at
> runtime instead of actually overwriting memory unless bounds checking is
> turned off.
No, it doesn't. It's a complete, runnable example. You can try it at
home. It does overwrite `foo` and `bar`. It does not throw a RangeError.
> The other issue is that Mallocator has a @safe allocate function and a
> @system deallocate function since it's up to the user of the interface
> to supply a slice that was actually malloc'ed. It's clear that this
> interface is one that can be used @safely (and is by
> automem.vector.Vector). Likewise, reallocating is @system because there
> might be references to the old pointer, but it makes sense that a
> @trusted block could exist where the reviewer makes sure that there's
> only ever one reference to the allocated memory.
Yes, you can use @trusted to use Mallocator safely. And your code
(probably) does that. But the allocator in my example isn't Mallocator,
it's UnsafeAllocator. Your code doesn't use that one safely.
> Then there's the fact that if a 3rd party library really does want to
> corrupt memory they can just tag all their functions with @trusted, and
> unless someone looks at their code nobody will be the wiser.
In this thread, you're the author of that 3rd party library. You've got
the bad @trusted functions that lead to memory corruption. I'm the guy
who looked at it, noticed the problem, and tells you.
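
Added example, not code from this thread or from automem: a constructed sketch of the pattern under dispute, where a container generic over its allocator wraps the allocator call in @trusted. BogusAllocator, CheckedAllocator, TrustingBox and InferringBox are hypothetical names; memory is never freed because only the attributes matter here.

```d
import core.stdc.stdlib : malloc;

// Hypothetical allocator (constructed for this example). It is honestly
// marked @system: the slice claims n ints but only one is backed by memory.
struct BogusAllocator {
    static int[] allocate(size_t n) @system {
        auto p = cast(int*) malloc(int.sizeof);
        return p[0 .. n];
    }
}

// Hypothetical well-behaved allocator: its @trusted body can be reviewed
// on its own, because the slice length always matches the allocation.
struct CheckedAllocator {
    static int[] allocate(size_t n) @trusted {
        if (n > size_t.max / int.sizeof) return null; // avoid size overflow
        auto p = cast(int*) malloc(n * int.sizeof);
        return p is null ? null : p[0 .. n];
    }
}

// Unsound: @trusted vouches for A.allocate without knowing what A is,
// so a @system allocator becomes callable from @safe code.
struct TrustingBox(A) {
    int[] data;
    this(size_t n) @trusted { data = A.allocate(n); }
}

// Sound: no @trusted around the generic call; the constructor's safety
// is inferred separately for each allocator it is instantiated with.
struct InferringBox(A) {
    int[] data;
    this(size_t n) { data = A.allocate(n); }
}

void main() @safe {
    // Accepted in @safe code, yet b.data[1 .. 4] is not backed by memory,
    // and the in-bounds check passes because the slice length says 4.
    auto b = TrustingBox!BogusAllocator(4);
    // Fine: inferred @safe because CheckedAllocator.allocate is @trusted.
    auto c = InferringBox!CheckedAllocator(4);
    // Rejected at compile time: inferred @system for BogusAllocator.
    static assert(!__traits(compiles, InferringBox!BogusAllocator(4)));
}
```

Bounds checking does not help with TrustingBox because the check uses the slice's own length, which is the value that was wrong in the first place.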