DIP 1021--Argument Ownership and Function Calls--Community Review Round 1
ag0aep6g
anonymous at example.com
Thu Jul 18 09:09:37 UTC 2019
On 15.07.19 17:23, Mike Parker wrote:
> This is the feedback thread for the first round of Community Review for
> DIP 1021, "Argument Ownership and Function Calls":
>
> https://github.com/dlang/DIPs/blob/793f83911fdc8c88c6ef34e6a36b5e11e3e574e5/DIPs/DIP1021.md
The DIP isn't clear in what it is supposed to achieve. Is there actual
@safe code that can cause memory corruption currently, which the DIP
would prevent? Or would the DIP allow code to be @trusted that can't be
currently?
As far as I understand, the DIP would allow `free` to be @trusted in
certain situations.
I.e., this isn't okay currently:
struct S
{
byte* ptr;
byte* get() { return ptr; }
this(byte value) @trusted
{
ptr = cast(byte*) malloc(1);
*ptr = value;
}
void clear() @trusted
{
free(ptr);
ptr = null;
}
}
... because a function could call `clear` while already having obtained
`ptr`.
But it would be with the DIP, maybe? Is that the point of the DIP?
Except it still wouldn't be 100% ok, because @safe code could set `ptr =
new byte;` and then `free` would be called on GC memory.
More information about the Digitalmars-d
mailing list