dip1000 and preview in combine to cause extra safety errors
Ali Çehreli
acehreli at yahoo.com
Thu Jun 9 01:10:56 UTC 2022
On 6/8/22 18:04, Timon Gehr wrote:
> On 09.06.22 02:54, Timon Gehr wrote:
>> On 09.06.22 02:44, Ali Çehreli wrote:
>>> The society trusts C libraries, so do we.
>>
>> free(cast(void*)0xDEADBEEF)
>>
>> Seems legit.
>
> I guess this does not actually make the point very well. Second try:
>
> ```d
> free(new int);
> ```
>
> Seems legit. The C library can do no wrong!

I still don't get it. :(

That mistake has nothing to do with the C library. If your objection is to
@trusted code being able to call free, then no special marking can be
practically useful. Forcing D code to be @system just to call free() is
counterproductive because the D code does not get checked.

When D code is @trusted, at least a situation like my other response would
be caught by D.

I mean, who wins by @system-by-default? Nobody. The code is not safer.

Ali