On 05/10/2015 01:48 PM, Timon Gehr wrote:
"bool expand(ref void[] b, size_t delta); Post: !result || b.length == old(b).length + delta Expands b by delta bytes. If delta == 0, succeeds without changing b. If b is null, the call evaluates b = allocate(delta) and returns b !is null. Otherwise, *b must be a buffer previously allocated with the same allocator*. If expansion was successful, expand changes b's length to b.length + delta and returns true. Upon failure, the call effects no change upon the allocator object, leaves b unchanged, and returns false."
Actually, reading that snippet of the documentation, I notice more problems in the implementation of expand/the documentation of the rounding function.
If the rounding function returns a non-zero result for a zero argument, expand can return invalid memory (starting from address 0) if given an empty block 'b'.