August 22, 2023 [Issue 24098] New: Safe variable can be initialized from `@system` static constructor.
https://issues.dlang.org/show_bug.cgi?id=24098

Issue ID: 24098
Summary: Safe variable can be initialized from `@system` static constructor.
Product: D
Version: D2
Hardware: All
OS: All
Status: NEW
Keywords: accepts-invalid, safe, spec
Severity: normal
Priority: P3
Component: dmd
Assignee: nobody@puremagic.com
Reporter: timon.gehr@gmx.ch

DMD 2.105.0:

```d
int* x;

@system static this(){
    x=cast(int*)0xDEADBEEF;
}

void main()@safe{
    import std.stdio;
    writeln(*x);
}
```

From the language specification:

---
When it is only called with safe values and safe aliasing, a function has a safe interface when:

1. it cannot exhibit undefined behavior, and
2. it cannot create unsafe values that are accessible from other parts of the program (e.g., via return values, global variables, or ref parameters), and
3. it cannot introduce unsafe aliasing that is accessible from other parts of the program.

Functions that meet these requirements may be @safe or @trusted. Functions that do not meet these requirements can only be @system.
---

Clearly the main function does not meet requirement 2., yet is annotated `@safe` and compiles.

Fixing this may require some thinking about language design. One option is to require `static this` to be `@trusted` instead of `@system` when it attempts to initialize a non-`@system` variable.
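The following is an added example, not code from the bug report, showing the same program written so that the static constructor carries the `@trusted` obligation the report proposes instead of hiding the global write behind `@system`. It assumes DMD 2.105.0 with no extra switches; the identifier `backing` is a constructed name.

```d
// Added example (not from the bug report): the program from the report,
// restructured so the static constructor respects the safe-interface
// rules quoted above. Assumes DMD 2.105.0, no extra compiler switches.
import std.stdio;

int backing;   // a real object for x to point at (constructed name)
int* x;        // non-@system global, readable from @safe code

// Option from the report: a static constructor that initializes a
// non-@system global is @trusted rather than @system. The author of this
// block now vouches that x only ever receives a safe value; &backing is
// one, the cast(int*)0xDEADBEEF from the report would not be, and a
// reviewer auditing @trusted code is expected to check exactly that.
@trusted static this()
{
    x = &backing;
}

// main() keeps its @safe annotation and now genuinely has a safe
// interface: dereferencing x reads an initialized int, not a bogus address.
void main() @safe
{
    writeln(*x);   // prints 0, no undefined behaviour
}
```

Under the current compiler the original `@system static this()` still compiles alongside a `@safe main()`, so this rewrite is a coding discipline for the module author; it does not make the compiler reject the report's program.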