Thread overview | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
December 31, 2016 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 Martin Nowak <code@dawg.eu> changed: What |Removed |Added ---------------------------------------------------------------------------- Hardware|x86_64 |All OS|Linux |All Severity|enhancement |normal -- |
December 31, 2016 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 Martin Nowak <code@dawg.eu> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |safe -- |
February 21, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 --- Comment #1 from Martin Nowak <code@dawg.eu> --- No longer works (not even for int*) with dmd-master-2017-01-04 and -dip1000. -- |
February 22, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 Walter Bright <bugzilla@digitalmars.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |bugzilla@digitalmars.com Resolution|--- |INVALID --- Comment #2 from Walter Bright <bugzilla@digitalmars.com> --- The reason no error is detected is because there isn't one. The declaration: S s; does not declare a pointer that points to the stack. -- |
February 24, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 Martin Nowak <code@dawg.eu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #3 from Martin Nowak <code@dawg.eu> --- Remember how we agreed on that the compiler shouldn't be too smart when inferring whether the return value could alias any of the arguments. This is crucial to support ownership idioms such as unique, where the container could for example just wrap an int handle. Use-after-free for handles is no different from dangling pointers, just as unsafe and able to corrupt memory. struct S { float* ptr; // needs a pointer for the compiler to attach the lifetime of get's return value to S @safe P get() return scope; } P escape() @safe { scope S s; // need to explicitly declare this as scope for the compiler to infer get's return value as scope P p = s.get(); return p; } ////////// Here is a simpler example on why this is broken. struct S { @safe S* get() return scope { return &this; } } S* escape() @safe { S s; auto ps = s.get(); return ps; } In `auto ps = s.get()` the compiler should conservatively assume that ps points to s, simply b/c the signature (w/ return scope) would allow to do so. Even if the return type is seemingly unrelated to the passed in scope arguments type conversions may be done by @trusted functions that are intransparent for the compiler. -- |
February 24, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 --- Comment #4 from Martin Nowak <code@dawg.eu> --- There is a difference from member functions to free function. static @safe S* get2(return ref scope S _this) { return &_this; } struct S { @safe S* get1() return scope { return &this; } } S* escape() @safe { S s; auto ps1 = s.get1(); auto ps2 = s.get2(); return ps1; // works // return ps2; // doesn't work } -- |
February 24, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 --- Comment #5 from Martin Nowak <code@dawg.eu> --- (In reply to Martin Nowak from comment #4) > return ps1; // works silenty escapes !!! > // return ps2; // doesn't work correctly errors on escape !!! > } -- |
February 24, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 --- Comment #6 from Martin Nowak <code@dawg.eu> --- And the same is supposed to work for foreign pointers? static @safe float* get2(return ref scope S _this) { return convert(&_this); } @trusted float* convert(S* s) { return cast(float*)s; } struct S { } float* escape() @safe { S s; auto pf = s.get2(); return pf; // works } ---- Error: scope variable pf may not be returned ---- -- |
February 24, 2017 [Issue 17049] [scope] class references are not escape checked like pointers | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 --- Comment #7 from Martin Nowak <code@dawg.eu> --- And this is supposed to not work? struct Handle { int a; } static @safe Handle get2(return ref scope S _this) { return Handle(1); } struct S { } Handle escape() @safe { S s; auto h = s.get2(); return h; // works } -- |
February 25, 2017 [Issue 17049] [scope] member methods not escape checked like free functions | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=17049 Martin Nowak <code@dawg.eu> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[scope] class references |[scope] member methods not |are not escape checked like |escape checked like free |pointers |functions --- Comment #8 from Martin Nowak <code@dawg.eu> --- The Handle case would need to look like this, w/ a free function dmd correctly prevents escaping. struct Handle { @safe: int fd; @disable this(this); ~this() {} } // not-copyable static @safe ref int get1(return ref scope Handle _this) { return _this.fd; } int* escape1() @safe { Handle h; auto p = &h.get1(); return p; } static @safe int* get2(return ref scope Handle _this) { return &_this.fd; } int* escape2() @safe { Handle h; auto p = h.get2(); return p; } ---- /tmp/tmp.Rm7L5V5FW1/bug.d(17): Error: cannot take address of ref return of get1() in @safe function escape1 // this restriction migth get removed at some point /tmp/tmp.Rm7L5V5FW1/bug.d(18): Error: scope variable p may not be returned /tmp/tmp.Rm7L5V5FW1/bug.d(30): Error: scope variable p may not be returned ---- So the problematic bug is that member methods are not correctly checked. -- |
Copyright © 1999-2021 by the D Language Foundation