dip1000 and preview in combine to cause extra safety errors
Timon Gehr
timon.gehr at gmx.ch
Thu Jun 9 01:19:29 UTC 2022
On 09.06.22 03:10, Ali Çehreli wrote:
> On 6/8/22 18:04, Timon Gehr wrote:
> > On 09.06.22 02:54, Timon Gehr wrote:
> >> On 09.06.22 02:44, Ali Çehreli wrote:
> >>> The society trusts C libraries, so do we.
> >>
> >> free(cast(void*)0xDEADBEEF)
> >>
> >> Seems legit.
> >
> > I guess this does not actually make the point very well. Second try:
> >
> > ```d
> > free(new int);
> > ```
> >
> > Seems legit. The C library can do no wrong!
>
> I still don't get it. :(
> ...
`@trusted` has a specific meaning, it does not mean we believe the
implementer of `free` is a nice guy. It means the specification of
`free` says it's safe to call with any valid pointer and we believe that
it is true. This is not the case, hence it cannot be `@trusted`.
> ...
>
> I mean, who wins by @system-by-default? Nobody. The code is not safer.
> ...
That's on Walter.
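
The distinction drawn in this message, shown as an added example (not code from the thread or from the D project): `trustedFree` and `Buffer` are hypothetical names. The first is a `@trusted` wrapper that is wrong because not every call from `@safe` code is memory safe. The second is a `@trusted` interface that is sound because `free` only ever receives pointers the struct obtained from `malloc`.

```d
import core.stdc.stdlib : malloc, free;   // both are @system in druntime

// Hypothetical wrapper showing the mistake: @trusted promises that EVERY call
// from @safe code is memory safe, which free() cannot promise.
void trustedFree(void* p) @trusted { free(p); }

void compilesButIsWrong() @safe
{
    trustedFree(new int);   // accepted by the compiler; GC memory handed to free()
}

// Sound use of @trusted: the pointer never leaves the struct, so free() only
// ever sees null or a pointer that malloc() returned. Note that `private` is
// module-wide in D, so the whole module is the code that has to be audited.
struct Buffer
{
    private ubyte* ptr;
    private size_t len;

    @disable this(this);    // no copies, hence no double free

    static Buffer create(size_t n) @trusted
    {
        Buffer b;
        auto p = cast(ubyte*) malloc(n);
        if (p is null) return b;        // allocation failed: empty buffer
        p[0 .. n] = 0;
        b.ptr = p;
        b.len = n;
        return b;
    }

    ~this() @trusted { free(ptr); ptr = null; }

    ubyte get(size_t i) const @trusted
    {
        if (i >= len) assert(0, "index out of range");  // kept in release builds
        return ptr[i];
    }
}

void main() @safe
{
    auto b = Buffer.create(16);
    assert(b.get(3) == 0);
    // free(new int);   // compile error here: @safe code cannot call @system free
}
```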