DIP 1025--Dynamic Arrays Only Shrink, Never Grow--Community Review Round 1
Nicholas Wilson
iamthewilsonator at hotmail.com
Tue Nov 12 00:17:55 UTC 2019
On Monday, 11 November 2019 at 21:41:14 UTC, Walter Bright wrote:
> On 11/11/2019 5:13 AM, Dennis wrote:
>> ```
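>> import core.stdc.stdlib : malloc, free;
>> // parenthesize the cast so the slice applies to the int*, not to malloc's void*
>> int[] slice = (cast(int*)malloc(10 * int.sizeof))[0 .. 10];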
>> slice = slice ~ 1; // now guaranteed to make a copy
>> free(slice.ptr); // Still oops
>> ```
>
> Imagine these 3 lines are spread out over a large code base.

People doing manual memory management without RAII deserve the
codebase complexity they get.

>> The following claim in the DIP is also unsubstantiated:
>>
>>> This change is a necessary part of D evolving towards being
>>> memory safe without using a GC.
>
> Memory safety cannot be achieved without control over who is
> the owner of memory.
>
>> I would like to see an example of memory corruption in `@safe`
>> code that can happen because of slice appending.
>
> @trusted void myfree(void* p) { free(p); }
> free(slice.ptr);

As noted elsewhere, that is a broken @trusted, and therefore a
user fault, not a language fault. This is no different to
breaking the type system in any other way.
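
The RAII approach mentioned in the reply above, as an added example that is not part of the original message or of the DIP: the hypothetical `MallocInts` struct keeps the `malloc`'d pointer private, so whatever a caller does to a borrowed slice (including `slice ~ 1`, which allocates a new GC array) cannot change which pointer is passed to `free`. All names here are assumptions made for illustration.

```d
import core.stdc.stdlib : malloc, free;

// Hypothetical owner type (illustration only, not from the thread).
// The allocation is freed from the privately stored pointer, never from
// a slice that callers may have reassigned or appended to.
struct MallocInts
{
    private int* ptr;
    private size_t len;

    @disable this(this); // no copies: exactly one owner frees the block

    this(size_t n)
    {
        ptr = cast(int*) malloc(n * int.sizeof);
        len = ptr is null ? 0 : n; // failed allocation yields an empty view
        ptr[0 .. len] = 0;
    }

    ~this()
    {
        free(ptr); // always the original malloc block (free(null) is a no-op)
        ptr = null;
    }

    // Borrowed view; must not outlive the owner.
    int[] view() { return ptr[0 .. len]; }
}

bool appendLeavesOwnerIntact()
{
    auto owner = MallocInts(10);
    int[] slice = owner.view();
    int* original = slice.ptr;

    slice = slice ~ 1; // concatenation copies into a new GC-managed array

    // The local slice now points at GC memory; the owner is unaffected.
    return slice.ptr !is original
        && slice.length == 11
        && owner.view().ptr is original;
} // owner's destructor frees the malloc block here, exactly once

void main()
{
    assert(appendLeavesOwnerIntact());
}
```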