| Thread overview | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
January 03, 2018 No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
 | The documentation says the modification of pointer values is not allowed in safe functions. Yet the following compiles fine on dmd:
void main() @safe
{
int* x = new int;
int* y = new int;
y=x;
}
Is this simply a compiler bug?
| |||
Permalink
ReplyJanuary 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Mark | On Wednesday, 3 January 2018 at 22:02:22 UTC, Mark wrote:
> The documentation says the modification of pointer values is not allowed in safe functions.
I think that refers to like x++ rather than x=y.
| |||
January 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Mark | On Wednesday, January 03, 2018 22:02:22 Mark via Digitalmars-d-learn wrote:
> The documentation says the modification of pointer values is not allowed in safe functions. Yet the following compiles fine on dmd:
>
> void main() @safe
> {
> int* x = new int;
> int* y = new int;
> y=x;
> }
>
> Is this simply a compiler bug?
Where are you reading that in the documentation? There's nothing unsafe whatsoever about assigning one pointer to another.
Now, pointer arithmetic is unsafe, and that's forbidden in @safe functions. So, I suspect that you're ether misunderstanding the documentation and/or the documentation isn't clear enough.
- Jonathan M Davis
| |||
January 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Mark | On Wed, Jan 03, 2018 at 10:02:22PM +0000, Mark via Digitalmars-d-learn wrote: > The documentation says the modification of pointer values is not allowed in safe functions. Yet the following compiles fine on dmd: > > void main() @safe > { > int* x = new int; > int* y = new int; > y=x; > } > > Is this simply a compiler bug? No, this use of pointers is perfectly safe. @safe does not mean "no pointers". What is prohibited is: - casting integers into pointers: int* ptr = cast(int*) 0xdeadbeef; // not allowed in @safe *ptr = 100; // oops, overwriting arbitrary memory - arbitrary pointer arithmetic, like: int x; int* ptr = &x; ptr++; // not allowed in @safe *ptr = 100; // oops, overwriting arbitrary stack locations. - overlapping a pointer with something else in a union, like: union U { int x; int* ptr; } U u; u.x = 12345; *u.ptr = 100; // oops, overwriting arbitrary memory // Note: @safe allows *reading* u.x after assigning a pointer to // u.ptr, since you can't do anything unsafe with an int value; // you just can't get a pointer value out of the union. - casting pointers to pointers of a different type: char ch; char* p = &ch; int* ip = cast(int*) p; // not allowed in @safe *ip = 123; // oops, overwriting arbitrary stack locations - making arbitrary slices from a pointer: char[10] buf; char* p = &buf[0]; auto q = p[0 .. 100]; // not allowed in @safe q[99] = 100; // oops, overrunning end of buffer There are probably other examples, but you get the point. It's always OK to assign and dereference pointers in @safe code, because, barring a compiler bug or unrelated @system code wreaking havoc, it's not possible to get an invalid pointer value in @safe code. (The caveat is that @safe code may call @trusted code, which in turn may call @system code. So you really have to be sure that @trusted code is actually trustworthy, otherwise you *might* get an invalid pointer percolating into @safe code, and then all bets are off.) T -- Тише едешь, дальше будешь. | |||
January 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Jonathan M Davis | On Wednesday, 3 January 2018 at 22:12:01 UTC, Jonathan M Davis wrote: > On Wednesday, January 03, 2018 22:02:22 Mark via Digitalmars-d-learn wrote: >> The documentation says the modification of pointer values is not allowed in safe functions. Yet the following compiles fine on dmd: >> >> void main() @safe >> { >> int* x = new int; >> int* y = new int; >> y=x; >> } >> >> Is this simply a compiler bug? > > Where are you reading that in the documentation? There's nothing unsafe whatsoever about assigning one pointer to another. > > Now, pointer arithmetic is unsafe, and that's forbidden in @safe functions. So, I suspect that you're ether misunderstanding the documentation and/or the documentation isn't clear enough. > > - Jonathan M Davis https://dlang.org/spec/function.html#safe-functions "The following operations are not allowed in safe functions: [...] - No modification of pointer values. [...]" | |||
January 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Mark | On Wednesday, January 03, 2018 22:25:16 Mark via Digitalmars-d-learn wrote:
> On Wednesday, 3 January 2018 at 22:12:01 UTC, Jonathan M Davis
>
> wrote:
> > On Wednesday, January 03, 2018 22:02:22 Mark via
> >
> > Digitalmars-d-learn wrote:
> >> The documentation says the modification of pointer values is not allowed in safe functions. Yet the following compiles fine on dmd:
> >>
> >> void main() @safe
> >> {
> >>
> >> int* x = new int;
> >> int* y = new int;
> >> y=x;
> >>
> >> }
> >>
> >> Is this simply a compiler bug?
> >
> > Where are you reading that in the documentation? There's nothing unsafe whatsoever about assigning one pointer to another.
> >
> > Now, pointer arithmetic is unsafe, and that's forbidden in @safe functions. So, I suspect that you're ether misunderstanding the documentation and/or the documentation isn't clear enough.
> >
> > - Jonathan M Davis
>
> https://dlang.org/spec/function.html#safe-functions
>
> "The following operations are not allowed in safe functions:
>
> [...]
> - No modification of pointer values.
> [...]"
Then the spec needs to be clarified. Assignment is fine but other types of mutation are not.
- Jonathan M Davis
| |||
January 03, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
| On Wed, Jan 03, 2018 at 03:42:07PM -0700, Jonathan M Davis via Digitalmars-d-learn wrote: > On Wednesday, January 03, 2018 22:25:16 Mark via Digitalmars-d-learn wrote: [...] > > https://dlang.org/spec/function.html#safe-functions > > > > "The following operations are not allowed in safe functions: > > > > [...] > > - No modification of pointer values. > > [...]" > > Then the spec needs to be clarified. Assignment is fine but other types of mutation are not. Here's my attempt to clarify it: https://github.com/dlang/dlang.org/pull/2050 T -- PNP = Plug 'N' Pray | |||
January 04, 2018 Re: No modification of pointer values in safe functions? | ||||
|---|---|---|---|---|
| ||||
Posted in reply to H. S. Teoh | On Wednesday, 3 January 2018 at 23:49:33 UTC, H. S. Teoh wrote:
> On Wed, Jan 03, 2018 at 03:42:07PM -0700, Jonathan M Davis via Digitalmars-d-learn wrote:
>> On Wednesday, January 03, 2018 22:25:16 Mark via Digitalmars-d-learn wrote:
> [...]
>> > https://dlang.org/spec/function.html#safe-functions
>> >
>> > "The following operations are not allowed in safe functions:
>> >
>> > [...]
>> > - No modification of pointer values.
>> > [...]"
>>
>> Then the spec needs to be clarified. Assignment is fine but other types of mutation are not.
>
> Here's my attempt to clarify it:
>
> https://github.com/dlang/dlang.org/pull/2050
>
>
> T
Okay, that's clear now.
Ali's book wasn't clear on that either ("Pointers cannot be mutated"). I'll ask him to clarify it.
| |||
Copyright © 1999-2021 by the D Language Foundation