[Issue 12573] Implicit immutable cast for ref/out argument of pure functions

Apr 14, 2014

Steven Schveighoffer

Apr 15, 2014

yebblies

Apr 15, 2014

Steven Schveighoffer

Dec 17, 2022

Iain Buclaw

Dec 13

dlangBugzillaToGithub

April 14, 2014

[Issue 12573] Implicit immutable cast for ref/out argument of pure functions

Posted by Steven Schveighoffer

Permalink

Steven Schveighoffer

Permalink

https://issues.dlang.org/show_bug.cgi?id=12573

Steven Schveighoffer <schveiguy@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |schveiguy@yahoo.com

--- Comment #1 from Steven Schveighoffer <schveiguy@yahoo.com> ---
I think it is dangerous to allow this. Allowing the implicit casting of a return is OK, since you cannot modify the return via the mutable reference, but allowing arbitrary assignment inside the function allows modifying the mutable reference, breaking immutability.

If we consider the trivial case:

string foo2(in string s, ref string sout) pure nothrow
{
   auto s2 = s.dup;
   sout = s2; // this would potentially be allowed
   auto s3 = sout.idup; // copy the data
   s2[0] = 'a'; // now modified immutable data referenced by sout.
   return sout.idup; // could be changed to return s3?
}

Basically, the compiler can make the legal assumption that since s3 and sout are immutable, and have not changed, calling idup on sout will reasonably result in the same value that s3 has. It would be a legal optimization. However, on return, sout has changed from what s3 contains, so the return value may not be equivalent to sout.

A return does not have this vulnerability, since the function ends at a return statement, and the cast is effectively occurring after the return. In fact, you have no access to the return, so it's not possible to use it in a pure manner inside the function.

I would recommend not allowing this, unless you could make more restrictive rules. I'm not sure if it's worth it. May be better to focus on multiple return values.

--

https://issues.dlang.org/show_bug.cgi?id=12573 yebblies <yebblies@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yebblies@gmail.com --- Comment #2 from yebblies <yebblies@gmail.com> --- Yeah, doesn't make much sense for 'ref'. But what about 'out'? --

https://issues.dlang.org/show_bug.cgi?id=12573 --- Comment #3 from Steven Schveighoffer <schveiguy@yahoo.com> --- (In reply to yebblies from comment #2) > Yeah, doesn't make much sense for 'ref'. But what about 'out'? out parameters are addressable just like ref ones. Only difference is they are initialized upon entry. In other words, they have the same issue. Only return values aren't directly addressable. If out variables were write-only, then it might make sense. --

https://issues.dlang.org/show_bug.cgi?id=12573 Iain Buclaw <ibuclaw@gdcproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P1 |P4 --

https://issues.dlang.org/show_bug.cgi?id=12573 --- Comment #4 from dlangBugzillaToGithub <robert.schadek@posteo.de> --- THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/dmd/issues/18815 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB --

Forums