Jump to page: 1 2
Thread overview
[Issue 17927] [scope] `scope inout` parameter value can be escaped via return
[Issue 17927] [scope] scope input return value can be escaped
Oct 22, 2017
Martin Nowak
Oct 22, 2017
Martin Nowak
Oct 23, 2017
Walter Bright
Oct 23, 2017
Walter Bright
Oct 23, 2017
Walter Bright
Oct 23, 2017
Walter Bright
Oct 23, 2017
Walter Bright
Oct 23, 2017
Walter Bright
Jan 04, 2018
Martin Nowak
Aug 16, 2018
Atila Neves
Aug 22, 2019
Les De Ridder
Sep 04, 2019
Mike Franklin
Sep 04, 2019
Mike Franklin
Sep 21, 2019
Mike Franklin
Mar 04, 2020
Walter Bright
Jun 15, 2021
Dennis
October 22, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

Martin Nowak <code@dawg.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|Linux                       |All

--
October 22, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #1 from Martin Nowak <code@dawg.eu> ---
My bad, there are two bugs.

All of the above opSlice methods should fail to compile, but on the mutable and cost method do, the inout silently compiles, even though it escapes a field.

All of the methods should and do compile with return scope (even the inout
one).
The compiler doesn't infer scope for their returned slice and thus allows
escaping that.

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #2 from Walter Bright <bugzilla@digitalmars.com> ---
Changing the @trusted to @safe makes the first example fail to compile with:

  test.d(6): Error: pointer slicing not allowed in safe functions

Changing String to:

  struct String {
    inout(char)[] opSlice() inout scope @safe {
        return ptr[];
    }

    char[] ptr;
  }

And it now compiles, as it should. Will look at the rest.

--- Comment #3 from Walter Bright <bugzilla@digitalmars.com> ---
Back to the process of stripping things down to the essentials:

--------------------
const(char)* foo1(scope const(char)* ptr) @safe { return ptr; }

inout(char)* foo2(scope inout(char)* ptr) @safe { return ptr; }
--------------------

Produces the expected error messages:

  test.d(1): Error: scope variable ptr may not be returned
  test.d(3): Error: scope variable ptr may not be returned

So add in a bit of complexity:

--------------
struct String {
    const(char)* mem1() const scope @safe { return ptr; }

    inout(char)* mem2() inout scope @safe { return ptr; }

    char* ptr;
}
--------------

Produces:

  test.d(2): Error: scope variable this may not be returned

The message for mem2() is not generated, so the issue is with the 'inout' on
the 'this' parameter.

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #4 from Walter Bright <bugzilla@digitalmars.com> ---
It turns out that:

  struct String {
    inout(char)* mem2() inout scope @safe { return ptr; }
    char* ptr;
  }

not issuing an error is actually correct, because a parameter that is `ref inout` is inferred to be `return`, and the `this` parameter for `mem2` is `ref inout`.

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #5 from Walter Bright <bugzilla@digitalmars.com> ---
For the unittest, the `dup` does not create data with limited lifetime, so `s` is not inferred as `scope`, and `escape` is free to escape it.

It's complicated, but the compiler is working as it is supposed to.

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[scope] scope input return  |[scope] `scope inout`
                   |value can be escaped        |parameter value can be
                   |                            |escaped via return

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #6 from Walter Bright <bugzilla@digitalmars.com> ---
https://github.com/dlang/dmd/pull/7235

--
October 23, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #7 from Walter Bright <bugzilla@digitalmars.com> ---
Spec pull: https://github.com/dlang/dlang.org/pull/1914

--
October 26, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #8 from github-bugzilla@puremagic.com ---
Commits pushed to master at https://github.com/dlang/dmd

https://github.com/dlang/dmd/commit/3f7544f355eacc0ad390a89b1bc07ca2dbcf835e fix Issue 17927 - [scope]  parameter value can be escaped via return

https://github.com/dlang/dmd/commit/b46ac59c637723877b52b98ed50167e0f68aca5d Merge pull request #7235 from WalterBright/fix17927

fix Issue 17927 - [scope]  'scope inout' parameter value can be escaped via return

--
December 18, 2017
https://issues.dlang.org/show_bug.cgi?id=17927

--- Comment #9 from github-bugzilla@puremagic.com ---
Commits pushed to stable at https://github.com/dlang/dmd

https://github.com/dlang/dmd/commit/3f7544f355eacc0ad390a89b1bc07ca2dbcf835e fix Issue 17927 - [scope]  parameter value can be escaped via return

https://github.com/dlang/dmd/commit/b46ac59c637723877b52b98ed50167e0f68aca5d Merge pull request #7235 from WalterBright/fix17927

--
« First   ‹ Prev
1 2