December 22, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=9195

           Summary: Can do pointer arithmetic in safeD!
           Product: D
           Version: D2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: DMD
        AssignedTo: nobody@puremagic.com
        ReportedBy: dmitry.olsh@gmail.com


--- Comment #0 from Dmitry Olshansky <dmitry.olsh@gmail.com> 2012-12-22 11:42:23 PST ---
The pointer arithmetic limitation is too damn easy to sidestep. In fact I did it accidentally.

The snippet shows the problem in its full glory:


// compiles as @safe, yet &ptr[offset] is exactly ptr + offset
@safe uint* glorious(uint * ptr, size_t offset)
{
    return &ptr[offset];
}

// correctly can't be @safe: explicit pointer arithmetic is rejected
/*@safe*/ @trusted uint* casual(uint * ptr, size_t offset)
{
    return ptr+offset;
}

@safe void main()
{
    uint[] arr = [1, 2, 3, 4];
    assert(*casual(arr.ptr, 3) == 4);
    assert(*glorious(arr.ptr, 3) == 4);
    assert(glorious(arr.ptr, 0xdead_beaf) == casual(arr.ptr, 0xdead_beaf));
}

This undermines the whole promise of memory safety in SafeD - if you can index raw pointers you are no safer than with direct pointer arithmetic.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
December 30, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=9195


Jonathan M Davis <jmdavisProg@gmx.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jmdavisProg@gmx.com


--- Comment #1 from Jonathan M Davis <jmdavisProg@gmx.com> 2012-12-30 03:58:32 PST ---
I don't see the problem here. The pointer arithmetic is in @trusted code. It's up to the programmer - not the compiler - to verify the safety of the code in that case. And all of the unsafe operations are in @trusted code. If you don't want this to happen, then don't mark a function as @trusted when it doesn't make sense to. This code is a problem simply because code which had no business being marked as @trusted was marked as @trusted. What would you expect to work differently about this?

December 30, 2012



--- Comment #2 from Dmitry Olshansky <dmitry.olsh@gmail.com> 2012-12-30 04:20:34 PST ---
(In reply to comment #1)
> I don't see the problem here. The pointer arithmetic is in @trusted code. It's up to the programmer - not the compiler - to verify the safety of the code in that case. And all of the unsafe operations are in @trusted code. If you don't want this to happen, then don't mark a function as @trusted when it doesn't make sense to. This code is a problem simply because code which had no business being marked as @trusted was marked as @trusted. What would you expect to work differently about this?

It's not @trusted. casual is doing pointer arithmetic just fine.

But see the 'glorious' function in this example. It does the same pointer arithmetic but it's marked @safe and main is @safe! It all compiles and runs; it's a bug in @safety.

December 30, 2012



--- Comment #3 from Jonathan M Davis <jmdavisProg@gmx.com> 2012-12-30 14:35:00 PST ---
> It's not @trusted. casual is doing pointer arithmetic just fine.

But casual is marked as @trusted, so I don't see any problem there at all.

As for glorious, what pointer arithmetic is it doing? I just see it indexing an array, which would be bounds checked. Though actually, it looks like it's taking the address of a local variable, which is supposed to be @system. So, _that_ is a bug, but I don't see any pointer arithmetic here which is marked with @safe when it should be @system. It's the & which is the problem.

December 30, 2012


Simen Kjaeraas <simen.kjaras@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |simen.kjaras@gmail.com


--- Comment #4 from Simen Kjaeraas <simen.kjaras@gmail.com> 2012-12-30 15:34:22 PST ---
> As for glorious, what pointer arithmetic is it doing? I just see it indexing an
> array, which would be bounds checked.

Look again. It's not indexing an array, it's indexing a pointer.

December 31, 2012



--- Comment #5 from Jonathan M Davis <jmdavisProg@gmx.com> 2012-12-30 17:26:28 PST ---
> Look again. It's not indexing an array, it's indexing a pointer.

Hmmm. Yes, you're right. It's indexing a pointer. I guess that that's currently considered @safe, though underneath the hood, it's really no different from pointer arithmetic. Dereferencing the pointer should be fine, and ptr[0] should be fine for that same reason, but ptr[x] could be doing who-knows-what and isn't really any different from *(ptr + x), so that should be considered @system and isn't.

So, I'd say that the problem is that indexing a pointer is considered @safe when it shouldn't be, presumably because it's not explicit pointer arithmetic. The fact that you were talking about pointer arithmetic threw me off, since the explicit pointer arithmetic _isn't_ @safe, and I guess that Walter got thrown off in a similar way when he made pointer arithmetic @system.

January 14, 2013


yebblies <yebblies@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |pull
         AssignedTo|nobody@puremagic.com        |yebblies@gmail.com


--- Comment #6 from yebblies <yebblies@gmail.com> 2013-01-14 21:59:48 EST ---
https://github.com/D-Programming-Language/dmd/pull/1482

January 14, 2013



--- Comment #7 from github-bugzilla@puremagic.com 2013-01-14 11:49:06 PST ---
Commits pushed to master at https://github.com/D-Programming-Language/dmd

https://github.com/D-Programming-Language/dmd/commit/580eb165d141848658ea71ac6cba54e3023d98a8 Fix Issue 9195 - Should not be able to index a pointer in safed

This prevents indexing a pointer in @safe code unless the index is known at compile time to be zero.

https://github.com/D-Programming-Language/dmd/commit/e97e886c7a092a279bf72b1ad5e6fb63dc81b82e Merge pull request #1482 from yebblies/issue9195

Issue 9195 - Should not be able to index a pointer in safed

January 14, 2013


Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |bugzilla@digitalmars.com
         Resolution|                            |FIXED


January 16, 2013



--- Comment #8 from github-bugzilla@puremagic.com 2013-01-16 11:50:29 PST ---
Commits pushed to master at https://github.com/D-Programming-Language/dmd

https://github.com/D-Programming-Language/dmd/commit/3d5b45196c687b714928954b027ef2944ca0beac Fix Issue 9195 - Should not be able to index a pointer in safed

Allow pointer arithmetic when using an offset that is known to be zero

https://github.com/D-Programming-Language/dmd/commit/381bddf74ba9ddbd298491c182cc58043958f455 Merge pull request #1492 from yebblies/issue9195

Fix Issue 9195 - Should not be able to index a pointer in safed

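An added example, not from the bug report or the dmd pull requests, showing the rule the fix commits above establish (a pointer index is only @safe when it is known at compile time to be zero) and the memory-safe replacement for glorious: take a bounds-checked slice instead of a raw pointer. It assumes a dmd that includes the fix for issue 9195; the names zeroIndex, checked and outOfRangeIsCaught are mine.

```d
import core.exception : RangeError;

// Still accepted after the fix: an index the compiler knows is zero is just the pointer itself.
@safe uint* zeroIndex(uint* ptr)
{
    return &ptr[0];
}

// The memory-safe replacement for glorious: index a slice, not a pointer.
// arr[offset] is bounds-checked (kept even with -release in @safe code), so an
// out-of-range offset throws RangeError instead of yielding an address outside the array.
@safe uint* checked(uint[] arr, size_t offset)
{
    return &arr[offset];
}

// RangeError derives from Error, not Exception, and @safe code may not catch it,
// so the check that the bounds violation is actually trapped lives in a @system helper.
@system bool outOfRangeIsCaught(uint[] arr, size_t offset)
{
    try
    {
        checked(arr, offset);
        return false;
    }
    catch (RangeError)
    {
        return true;
    }
}

@safe void main()
{
    uint[] arr = [1, 2, 3, 4];   // constructed sample data
    assert(*zeroIndex(arr.ptr) == 1);
    assert(*checked(arr, 3) == 4);
    assert(() @trusted { return outOfRangeIsCaught(arr, 0xdead_beaf); }());

    // With the fix, a non-zero pointer index is rejected in @safe code but still allowed in @system code.
    static assert(!__traits(compiles, () @safe   { uint* p; return &p[1]; }));
    static assert( __traits(compiles, () @system { uint* p; return &p[1]; }));
}
```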