[Issue 13508] array vararg function safety not inferred
September 20, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

hsteoh@quickfur.ath.cx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hsteoh@quickfur.ath.cx

--- Comment #1 from hsteoh@quickfur.ath.cx ---
Array vararg functions are not safe, because they take a slice of arguments on the stack. Example problem:
-----
class C {
    int[] data;
    this(int[] args...) {
        data = args; // oops: this.data now points to the stack...
    }
}
-----

--
September 20, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #2 from monarchdodra@gmail.com ---
(In reply to hsteoh from comment #1)
> Array vararg functions are not safe, because they take a slice of arguments on the stack. Example problem:
> -----
> class C {
>     int[] data;
>     this(int[] args...) {
>         data = args; // oops: this.data now points to the stack...
>     }
> }
> -----

That's what I thought, but:
"If you mark "make" as explicitly safe, then it works."

So there's a loophole somewhere here.

Also related, I think it is a flaw that the very *signature* of something is unsafe. In particular, the "array vararg" signature is *also* the one chosen when you pass an array, which is perfectly defined and safe behavior...

--
September 20, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #3 from hsteoh@quickfur.ath.cx ---
Yes, definitely there's a loophole somewhere. So that must be fixed.

But "conditionally safe" (i.e., conditional upon what arguments are passed by the caller) is the same as "unsafe", because for example, if a function performs pointer arithmetic, then as long as you make sure the pointers you pass in are within bounds, then you won't get any unsafe operations in the function. But that doesn't change the fact that the function is unsafe.

--
September 20, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #4 from monarchdodra@gmail.com ---
(In reply to hsteoh from comment #3)
> But "conditionally safe" (i.e., conditional upon what arguments are passed by the caller) is the same as "unsafe", because for example, if a function performs pointer arithmetic, then as long as you make sure the pointers you pass in are within bounds, then you won't get any unsafe operations in the function. But that doesn't change the fact that the function is unsafe.

Right, but in this case, we're talking about the static types used by the
caller. From the caller's point of view, these are 2 different signatures:
make!S(1, 2, 3); //(1) unsafe
make!S([1, 2, 3]); //(2) safe

In this case, 1 is unsafe, but 2 is (should be) safe.

--
September 22, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

Kenji Hara <k.hara.pg@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |pull, rejects-valid

--- Comment #5 from Kenji Hara <k.hara.pg@gmail.com> ---
https://github.com/D-Programming-Language/dmd/pull/4015

--
September 22, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #6 from Kenji Hara <k.hara.pg@gmail.com> ---
(In reply to hsteoh from comment #1)
> Array vararg functions are not safe, because they take a slice of arguments on the stack. Example problem:
> -----
> class C {
>     int[] data;
>     this(int[] args...) {
>         data = args; // oops: this.data now points to the stack...
>     }
> }
> -----

I think that typesafe variadic parameters would be designed to be safe, because the following case is correctly rejected by the compile time check.

int[] foo(int[] args...) {
    return args;    // Error: escaping reference to variadic parameter args
}

But as you know, the current escape analysis mechanism is incomplete, and the scope attribute is not yet defined well.

--
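The defensive pattern the thread points at, written out as an added example that is not part of the bug report or of dmd: the typesafe variadic parameter from comment #1 is a slice that may alias a caller-side temporary, so a function that needs to keep the arguments copies them (`.dup`) instead of storing or returning the slice itself, which is the escape the compiler rejects in comment #6. The names `make` and `Holder` are assumptions of this example; the two call forms are those from comment #4.

```d
import std.stdio : writeln;

// Copies the variadic arguments so the returned slice never refers to the
// caller's stack temporary. Returning `args` itself is what the compiler
// rejects as an escaping reference (comment #6).
T[] make(T)(T[] args...) @safe
{
    return args.dup;
}

class Holder
{
    int[] data;
    // Same rule inside a constructor: store a copy, not the parameter slice.
    this(int[] args...) @safe
    {
        data = args.dup;
    }
}

@safe unittest
{
    // Call form (1) from comment #4: the compiler packs 1, 2, 3 into a temporary array.
    auto a = make!int(1, 2, 3);
    // Call form (2): an existing array is bound to the variadic parameter directly.
    int[] src = [1, 2, 3];
    auto b = make!int(src);
    assert(a == [1, 2, 3] && b == [1, 2, 3]);
    // The result is an independent copy in either case, so writes do not
    // reach the caller's array and nothing outlives a stack temporary.
    assert(b !is src);
    b[0] = 99;
    assert(src[0] == 1);

    auto h = new Holder(4, 5);
    assert(h.data == [4, 5]);
}

void main()
{
    writeln(make!int(1, 2, 3));
}
```

Compile with `dmd -unittest -run example.d` to exercise both call forms; the copy costs an allocation per call, which is the price of making the function's safety independent of how the caller supplied the arguments.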
September 24, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

github-bugzilla@puremagic.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--
September 24, 2014
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #7 from github-bugzilla@puremagic.com ---
Commits pushed to master at https://github.com/D-Programming-Language/dmd

https://github.com/D-Programming-Language/dmd/commit/f9e1c78871d1790e4728fee1b2a76a4bcf9bec31 fix Issue 13508 - array vararg function safety not inferred

https://github.com/D-Programming-Language/dmd/commit/1bba639635f0f1705b137b3d5431364756a13182 Merge pull request #4015 from 9rnsr/fix13508

Issue 13508 - array vararg function safety not inferred

--
February 19, 2015
https://issues.dlang.org/show_bug.cgi?id=13508

--- Comment #8 from github-bugzilla@puremagic.com ---
Commits pushed to 2.067 at https://github.com/D-Programming-Language/dmd

https://github.com/D-Programming-Language/dmd/commit/f9e1c78871d1790e4728fee1b2a76a4bcf9bec31 fix Issue 13508 - array vararg function safety not inferred

https://github.com/D-Programming-Language/dmd/commit/1bba639635f0f1705b137b3d5431364756a13182 Merge pull request #4015 from 9rnsr/fix13508

--