DIP 1025--Dynamic Arrays Only Shrink, Never Grow--Community Review Round 1

Nicholas Wilson iamthewilsonator at hotmail.com
Tue Nov 12 00:17:55 UTC 2019


On Monday, 11 November 2019 at 21:41:14 UTC, Walter Bright wrote:
> On 11/11/2019 5:13 AM, Dennis wrote:
>> ```
>> int[] slice = cast(int*)malloc(10 * int.sizeof)[0 .. 10];
>> slice = slice ~ 1; // now guaranteed to make a copy
>> free(slice.ptr); // Still oops
>> ```
>
> Imagine these 3 lines are spread out over a large code base.

People doing manual memory management without RAII deserve the 
codebase complexity they get.

>> The following claim in the DIP is also unsubstantiated:
>> 
>>> This change is a necessary part of D evolving towards being 
>>> memory safe without using
>>> a GC.
>
> Memory safety cannot be achieved without control over who is 
> the owner of memory.
>
>> I would like to see an example of memory corruption in `@safe` 
>> code that can happen because of slice appending.
>
>   @trusted void myfree(void* p) { free(p); }
>   free(slice.ptr);

As noted elsewhere that is a broken @trusted, and therefore a 
user fault, not a language fault. This is no different to 
breaking the type system in any other way.
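To make the RAII point concrete, here is an added example (my own illustration, not code from the DIP or from anyone in this thread). The `OwnedInts` type is hypothetical: it keeps the malloc'd pointer inside a non-copyable struct so the one `@trusted` `free` call can never be reached from `@safe` code with a pointer it does not own, while `~` on the exposed slice hands the caller a fresh array as in Dennis's snippet.

```d
import core.stdc.stdlib : malloc, free;

// Hypothetical RAII owner of a malloc'd int buffer (added example).
// The @trusted surface is confined to the constructor and destructor,
// which are the only places that know the pointer came from malloc.
struct OwnedInts
{
    private int[] data;   // slice over the malloc'd block; data.ptr is freed once

    @disable this(this);  // non-copyable: exactly one owner, exactly one free

    this(size_t n) @trusted
    {
        auto p = cast(int*) malloc(n * int.sizeof);
        assert(p !is null, "malloc failed");
        data = p[0 .. n];
        data[] = 0;
    }

    ~this() @trusted
    {
        free(data.ptr);   // the pointer we got from malloc, never a reassigned slice
        data = null;
    }

    // Hand out a view. Concatenating onto it produces a new array, so the
    // caller can never reassign *our* pointer away before we free it.
    int[] view() @safe { return data; }
}

// Contrast with the shape Walter quoted, `@trusted void myfree(void* p)`,
// which lets @safe code pass any pointer at all to free(): that is the
// "broken @trusted" Nicholas describes, not something this type exposes.

void main() @safe
{
    auto buf = OwnedInts(10);
    int[] v = buf.view();

    int[] extended = v ~ 1;   // a copy: extended is GC-owned, v still maps buf's block
    assert(extended.length == 11);

    extended[0] = 42;         // writing the copy leaves the owned buffer untouched
    assert(v[0] == 0);

    // No free() here: buf's destructor runs at scope exit and frees the
    // malloc'd block exactly once. `extended` is the GC's problem, as it should be.
}
```

The invariant that matters is that the pointer passed to `free` is held privately by the owner and is never the result of a slice expression the caller could have rebound; whether `slice ~ 1` copies is then irrelevant to memory safety, which is the "who owns the memory" point rather than an appending point.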

