[Issue 14125] std.file has gotten out of hand

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed Feb 4 16:24:18 PST 2015


https://issues.dlang.org/show_bug.cgi?id=14125

--- Comment #12 from Dicebot <public at dicebot.lv> ---
(In reply to Walter Bright from comment #10)
> Consider the following code:
> 
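>     import core.stdc.stdlib : malloc, free;
>
>     // Thin wrappers: they mark the raw C calls as @trusted without checking anything.
>     @trusted void* trustedMalloc(size_t n) { return malloc(n); }
>     @trusted void trustedFree(void* p) { free(p); }
> 
>     @safe void foo() {
>         auto p = trustedMalloc(5);
>         trustedFree(p);
>         trustedFree(p); // second free of the same pointer
>     }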
> 
> foo() passes @safe checks, yet is able to corrupt memory. The fault is that
> the @trusted functions failed to encapsulate what they're doing and present
> a safe interface.
> 
> @trusted functions must be reviewed to determine if they present a safe
> interface or not. Merely wrapping an unsafe operation is not good enough and
> must not pass review.

This is why such wrapper functions are always kept private and, as long as
possible, local to the functions they are used in.

It would help a lot if `() @trusted { foo(); }` lambdas could be 100% inlined -
then those could be used instead to prevent accidental reuse of a wrapper in
the wrong context.

--
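
The following is an added example, not part of the original comment or of Phobos: one way the malloc/free pair from comment #10 can be given an interface that @safe callers cannot misuse. The names Buffer and foo are hypothetical, and the sketch assumes Buffer lives in its own module, because D's private is module-wide.

```d
import core.stdc.stdlib : malloc, free;

// Hypothetical owner type: the raw pointer never leaves the struct, so a
// @safe caller has nothing it could free twice or use after free.
struct Buffer
{
    private ubyte* ptr;   // private is per-module: keep this type in its own module
    private size_t len;

    @disable this(this);  // no copies, so only one owner ever calls free

    this(size_t n) @trusted
    {
        ptr = cast(ubyte*) malloc(n);
        len = ptr is null ? 0 : n;   // failed allocation gives an empty buffer
    }

    ~this() @trusted
    {
        free(ptr);        // free(null) is a no-op
        ptr = null;       // a repeated destructor call cannot free again
        len = 0;          // and later indexing fails the bounds check
    }

    // Every access is checked inside the @trusted function itself;
    // assert(0) is kept in release builds.
    ubyte opIndex(size_t i) const @trusted
    {
        if (i >= len) assert(0, "Buffer index out of bounds");
        return ptr[i];
    }

    void opIndexAssign(ubyte v, size_t i) @trusted
    {
        if (i >= len) assert(0, "Buffer index out of bounds");
        ptr[i] = v;
    }
}

@safe void foo()
{
    auto b = Buffer(5);
    b[0] = 42;
    assert(b[0] == 42);
}   // b's destructor releases the memory exactly once here

void main() { foo(); }
```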

