Allocator-aware @safe reference counting is still not possible
Paul Backus
snarwin at gmail.com
Mon Jan 23 16:33:11 UTC 2023
On Monday, 23 January 2023 at 07:06:04 UTC, Richard (Rikki)
Andrew Cattermole wrote:
> On 23/01/2023 10:31 AM, Paul Backus wrote:
>> Can you explain more about @localsafe? I don't understand how
>> this is different from Dukc's proposal in the linked thread.
>
> It's @safe except you can call non-safe functions. Same goes for
> nogc and pure.

In this context, that makes it no different from @trusted.

The problem is that, in a generic allocator-aware container, if
you write a @trusted/@localsafe call to RCAllocator.deallocate,
there is nothing to stop someone from writing a custom allocator
with a deallocate function like this:

struct NaughtyAllocator
{
    // ...
    @system void deallocate(void[] block)
    {
        corruptMemory();
    }
}

...and then RCAllocator.deallocate will dispatch to this
function, and you will end up corrupting memory in @safe code.
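
The situation described in the message above, as an added example that is not part of the original post: a generic container whose @trusted wrapper makes a @system deallocate callable from @safe code, next to the same container with inferred attributes, which the compiler rejects. Box, InferredBox, dispose and the `called` flag are hypothetical names, and the allocator body only records the call instead of corrupting memory.

```d
// Added illustration, not code from the post. All names other than
// NaughtyAllocator and deallocate are hypothetical.

// Stand-in for the post's NaughtyAllocator; the body is constructed.
struct NaughtyAllocator
{
    static bool called;

    @system void deallocate(void[] block)
    {
        called = true; // stands in for corruptMemory()
    }
}

// Generic container that marks the deallocate call @trusted. The author is
// vouching for every Allocator that will ever be plugged in.
struct Box(Allocator)
{
    Allocator alloc;
    void[] block;

    @trusted void dispose()
    {
        alloc.deallocate(block);
        block = null;
    }
}

// Same container without @trusted: attributes of dispose are inferred per
// instantiation, so a @system deallocate makes dispose @system as well.
struct InferredBox(Allocator)
{
    Allocator alloc;
    void[] block;

    void dispose()
    {
        alloc.deallocate(block);
        block = null;
    }
}

// Direct call from @safe code is rejected by the compiler.
static assert(!__traits(compiles, () @safe { NaughtyAllocator a; a.deallocate(null); }));
// The inferred container stays @system for this allocator and is rejected too.
static assert(!__traits(compiles, () @safe { InferredBox!NaughtyAllocator b; b.dispose(); }));
// The @trusted wrapper hides the @system call, so @safe code is accepted.
static assert( __traits(compiles, () @safe { Box!NaughtyAllocator b; b.dispose(); }));

@safe void main()
{
    Box!NaughtyAllocator b;
    b.dispose(); // compiles in @safe code and runs the @system body
    assert(NaughtyAllocator.called);
}
```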