20490 – malloc and calloc should be @safe / @trusted

D issues are now tracked on GitHub. This Bugzilla instance remains as a read-only archive.

Issue 20490 - malloc and calloc should be @safe / @trusted

Summary: malloc and calloc should be @safe / @trusted

Status:	RESOLVED WONTFIX

Alias:	None

Product:	D
Classification:	Unclassified
Component:	druntime (show other issues)
Version:	D2
Hardware:	All All

Importance:	P1 minor
Assignee:	No Owner

URL:
Keywords:	pull

Depends on:
Blocks:

Reported:	2020-01-08 15:44 UTC by Nathan S.
Modified:	2022-04-13 14:17 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Nathan S. 2020-01-08 15:44:04 UTC

malloc and calloc should be @trusted because by specification they cannot corrupt memory regardless of what arguments they are passed. core.stdc.stdlib.d has this comment explaining why they aren't @trusted:

// We don't mark these @trusted. Given that they return a void*, one has
// to do a pointer cast to do anything sensible with the result. Thus,
// functions using these already have to be @trusted, allowing them to
// call @system stuff anyway.

That comment is longer than just writing @trusted twice. Moreover since that comment was written Phobos has adopted the style of wrapping individual statements in @trusted lambdas instead of marking entire functions as @trusted.

Comment 1 Dlang Bot 2020-01-08 15:49:38 UTC

@n8sh created dlang/druntime pull request #2901 "Fix Issue 20490 - malloc and free should be `@safe` / `@trusted`" fixing this issue:

- Fix Issue 20490 - malloc and free should be `@safe` / `@trusted`
  
  There is no good reason not to annotate them correctly.

https://github.com/dlang/druntime/pull/2901

Comment 2 Dennis 2022-04-13 14:17:33 UTC

Unfortunately, Walter decided against it:
https://github.com/dlang/druntime/pull/2901#issuecomment-1086999519