D mentioned on Rust discussions site
Joseph Rushton Wakeling
joseph.wakeling at webdrake.net
Thu May 21 21:26:12 UTC 2020
On Tuesday, 19 May 2020 at 11:38:48 UTC, Russel Winder wrote:
> https://users.rust-lang.org/t/dlang-adds-a-borrowchecker-called-the-ob-system-for-ownership-borrowing/42872

There is a technical question I'd like to ask here.

One of the participants in that thread posted what I considered
to be a rather contrived example where `malloc`, `free`, and
casts from pointer to value types and back (!) were combined to
produce a use-after-free effect.

Of course it's trivial to find ways to get the compiler to catch
the casts as unsafe. But in trying this out I settled on a much
simpler formulation that still doesn't get caught as a violation
of `@live` rules:

```
@live int* test1()
{
    import core.stdc.stdlib : free, malloc;
    import std.stdio : writefln;

    scope p = cast(int*) malloc(int.sizeof);
    free(p);
    writefln!"%d"(*p);
    return p;
}
```

Now, I'm not making any judgement here -- this is a provisional
feature with many limitations, that is clearly intended as a
first step to something bigger, and which is clearly advertised
as having a _lot_ of bugs right now. But I would like to
understand, for my own sake, why the above example is not
detecting that it's invalid to dereference `p` for the `writeln`,
or indeed to return `p` from the function.

(Tried with a freshly built dmd 2.092.0.)