The "@safe vs struct destructor" dilemma

Michel Fortin michel.fortin at michelf.ca
Sat Apr 12 04:06:33 PDT 2014


On 2014-04-12 10:29:50 +0000, "Kagamin" <spam at here.lot> said:

> On Saturday, 12 April 2014 at 03:02:56 UTC, Michel Fortin wrote:
>> 2- after the destructor is run on an object, wipe out the memory block 
>> with zeros. This way if another to-be-destructed object has a pointer 
>> to it, at worse it'll dereference a null pointer. With this you might 
>> get a sporadic crash when it happens, but that's better than memory 
>> corruption.
> 
> Other objects will have a valid pointer to zeroed out block and will be 
> able to call its methods. They are likely to crash, but it's not 
> guaranteed, they may just fine corrupt memory. Imagine the class has a 
> pointer to a memory block of 10MB size, the size is an enum and is 
> encoded in the function code (won't be zeroed), the function may write 
> to any region of that block of memory pointed to by null after the 
> clearing.

Well, that's a general problem of @safe when dereferencing any 
potentially null pointer. I think Walter's solution was to insert a 
runtime check if the offset is going to be beyond a certain size. But 
there has been discussions on non-nullable pointers since then, and I'm 
not sure what Walter thought about them.

The runtime check would help in this case, but not non-nullable pointers.

-- 
Michel Fortin
michel.fortin at michelf.ca
http://michelf.ca



More information about the Digitalmars-d mailing list