memory safety checks and trust
Timon Gehr
timon.gehr at gmx.ch
Sun Apr 12 02:43:15 UTC 2020
On 11.04.20 04:57, Walter Bright wrote:
> On 4/10/2020 6:21 PM, Adam D. Ruppe wrote:
>> ```d
>> void main() {
>>     int a;
>>     b ~= &a;   // appends the address of a stack local to a global slice
>> }
>>
>> int*[] b;      // module-level storage that outlives main's frame
>> ```
>>
>> trust.d(3): Error: copying & a into allocated memory escapes a
>> reference to local variable a
>>
>>
>> (Interestingly, `b = [&a]` instead of ~= passes muster. What's the
>> difference? Just another bug in this?)
>
> You will get the error with -preview=dip1000. Since that will eventually
> be the default, it's not a bug.
> ...
Clearly there is a bug or bad design if the address of `a` escaping in
`b ~= &a` and in `b = [&a]` are not treated the same. But like Adam I
don't see why there should be such a check in @system/@trusted code at
all. (I understand that there is a workaround, but that should not be
required.)
Can we please settle on making @safe actually memory safe and
@system/@trusted actually trust the programmer?
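An added illustration (not code from this thread, and not the compiler's own test) of why the escape under discussion matters: the same `b ~= &a` written once in a `@system` function, where the programmer is trusted, and once in a `@safe` function, where `-preview=dip1000` is expected to reject it with the error Adam quoted. The `b = [&a]` form mirrors Adam's report that it passes without error. Function names, the `clobber()` helper and the value 42 are assumptions made for the demonstration. Compile without `-preview=dip1000` to observe the dangling read; compile with it to observe the diagnostic (per Walter's reply, currently in the `@system` function as well, which is the complaint above).

```d
// Added example, not from the thread: a stack address stored in a global
// slice outlives the frame it points into.
import std.stdio : writeln;

int*[] b;   // module-level slice that outlives any function frame

@system void leakSystem()
{
    int a = 42;
    b ~= &a;    // pointer into leakSystem's own stack frame
}               // a's lifetime ends here; b[0] now dangles

@safe void leakSafe()
{
    int a = 42;
    // b ~= &a; // with -preview=dip1000 this is the quoted error:
                // "escapes a reference to local variable a"
}

void leakLiteral()
{
    int a = 42;
    b = [&a];   // reported on this thread to pass; the escape is identical
}

// Hypothetical helper: reuse the stack region where `a` used to live so the
// dangling pointer visibly no longer refers to 42.
int clobber()
{
    int[64] junk = 7;
    return junk[0];
}

void main()
{
    leakSystem();
    clobber();
    // Reads a dead stack slot; the result is undefined behaviour, which is
    // why @safe must refuse the escape even if @system chooses to allow it.
    writeln("via ~= : ", *b[0]);

    leakLiteral();
    clobber();
    writeln("via [&a]: ", *b[0]);
}
```

Both reads dereference a pointer into a frame that has already been popped, so whatever the program prints is an accident of stack layout rather than a value the language guarantees; that is the memory-safety hole `@safe` exists to close, while `@system` and `@trusted` code is where the programmer takes on that responsibility explicitly.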