nogc v0.5.0 - DIP1008 works!

ag0aep6g anonymous at example.com
Mon May 27 09:48:27 UTC 2019


On 27.05.19 10:54, Atila Neves wrote:
> I don't see the problem here. This example would throw RangeError at 
> runtime instead of actually overwriting memory unless bounds checking is 
> turned off.

No, it doesn't. It's a complete, runnable example. You can try it at 
home. It does overwrite `foo` and `bar`. It does not throw a RangeError.

> The other issue is that Mallocator has a @safe allocate function and a 
> @system deallocate function since it's up to the user of the interface 
> to supply a slice that was actually malloc'ed. It's clear that this 
> interface is one that can be used @safely (and is by 
> automem.vector.Vector). Likewise, reallocating is @system because there 
> might be references to the old pointer, but it makes sense that a 
> @trusted block could exist where the reviewer makes sure that there's 
> only ever one reference to the allocated memory.

Yes, you can use @trusted to use Mallocator safely. And your code 
(probably) does that. But the allocator in my example isn't Mallocator, 
it's UnsafeAllocator. Your code doesn't use that one safely.

> Then there's the fact that if a 3rd party library really does want to 
> corrupt memory they can just tag all their functions with @trusted, and 
> unless someone looks at their code nobody will be the wiser.

In this thread, you're the author of that 3rd party library. You've got 
the bad @trusted functions that lead to memory corruption. I'm the guy 
who looked at it, noticed the problem, and tells you.
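An added illustration of the point argued in this message, not code from the thread, automem or nogc: a container that wraps calls to a template-parameter allocator in a blanket `@trusted` vouches for every allocator it is ever instantiated with. `Arena`, `LyingAllocator`, `TrustingBuffer` and `InferringBuffer` are hypothetical names, and the allocator's behaviour is an assumption chosen to make the overwrite deterministic.

```d
// Added illustration; all names here are hypothetical.
struct Arena { ubyte[4] buf; ubyte[4] neighbour; }

// Allocator that returns a slice claiming n bytes but backed by only 4.
struct LyingAllocator
{
    static Arena arena;
    static void[] allocate(size_t n) @system
    {
        return (cast(void*) arena.buf.ptr)[0 .. n]; // forged length
    }
}

// Container that vouches for *any* Allocator with a blanket @trusted.
struct TrustingBuffer(Allocator)
{
    ubyte[] data;
    this(size_t n) @safe
    {
        data = () @trusted { return cast(ubyte[]) Allocator.allocate(n); }();
    }
}

// Container that leaves the allocator call outside @trusted, so the
// constructor's safety is inferred from Allocator.allocate.
struct InferringBuffer(Allocator)
{
    ubyte[] data;
    this(size_t n)
    {
        void[] raw = Allocator.allocate(n);
        data = () @trusted { return cast(ubyte[]) raw; }();
    }
}

// @safe code can construct the first container, but not the second.
static assert( __traits(compiles, () @safe { auto b = TrustingBuffer!LyingAllocator(8); }));
static assert(!__traits(compiles, () @safe { auto b = InferringBuffer!LyingAllocator(8); }));

void main() @safe
{
    auto b = TrustingBuffer!LyingAllocator(8);
    b.data[4] = 0xFF; // inside the forged slice's length, so no RangeError
    assert(LyingAllocator.arena.neighbour[0] == 0xFF); // adjacent memory overwritten
}
```

Bounds checking only compares the index against the slice's stored length, so it cannot catch a slice whose length was wrong from the start; the defence is to keep unreviewed allocator calls out of `@trusted` so the compiler rejects the `@safe` caller.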

