Why is "delete" unsafe?
Paul Backus
snarwin at gmail.com
Wed Sep 23 23:06:50 UTC 2020
On Wednesday, 23 September 2020 at 04:15:51 UTC, mw wrote:
> On Saturday, 27 October 2012 at 01:08:12 UTC, Jonathan M Davis
> wrote:
>> Yes. But using core.memory.GC.free is unsafe for the same
>> reasons that delete is. It's just that it's a druntime
>> function instead of a part of the language, so it's less
>> likely for someone to free GC memory without knowing what
>> they're doing. It's there because there _are_ times when it
>> makes sense and is useful, but it's definitely not safe, so
>> you have to be careful and know what you're doing.
>
> What do you mean by saying "it's definitely not safe" here?
>
> I mean: if I'm careful and know what I'm doing, e.g. remove all
> the reference to any part of the `object` before call
> core.memory.GC.free(object), is there still any inherit
> "unsafe" side of `free` I should be aware of?
>
> FYI: I just described my use case here:
>
> https://forum.dlang.org/post/hzryuifoixwwywwifwbz@forum.dlang.org
The logic is: @safe code isn't allowed to have access to dangling
pointers, because you're allowed to dereference pointers in @safe
code, and dereferencing a dangling pointer is undefined behavior.
Since manually freeing memory can create dangling pointers,
you're not allowed to do it in @safe code.
If you can prove with 100% certainty that you're not going to
create a dangling pointer, you can wrap the call to `free` in a
@trusted lambda:
() @trusted { free(ptr); ptr = null; }();
More information about the Digitalmars-d-learn
mailing list