[Issue 18002] assert subverts the type system with the messages that it accepts
November 21, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

hsteoh@quickfur.ath.cx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hsteoh@quickfur.ath.cx

--- Comment #1 from hsteoh@quickfur.ath.cx ---
*** Issue 18003 has been marked as a duplicate of this issue. ***

--
November 21, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

--- Comment #2 from hsteoh@quickfur.ath.cx ---
See the code I posted in issue #18003.  The compiler should reject any attempt to pass a slice of a local variable to assert().

--
November 21, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

hsteoh@quickfur.ath.cx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |accepts-invalid

--
November 21, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

Ketmar Dark <ketmar@ketmar.no-ip.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ketmar@ketmar.no-ip.org

--
November 22, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

--- Comment #3 from anonymous4 <dfj1esp02@sneakemail.com> ---
The message is not necessarily static, and immutability is only a requirement of the default druntime implementation of the assert failure handler, so it should be enough for the assert failure handler to idup the string before passing it to the AssertError constructor.

--
November 22, 2017
https://issues.dlang.org/show_bug.cgi?id=18002

--- Comment #4 from hsteoh@quickfur.ath.cx ---
.idup may not be usable if the assert is triggered by an out-of-memory condition.

--
5 days ago
https://issues.dlang.org/show_bug.cgi?id=18002

RazvanN <razvan.nitu1305@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |razvan.nitu1305@gmail.com

--- Comment #5 from RazvanN <razvan.nitu1305@gmail.com> ---

The compiler attempts to implicitly cast to `const(char)[]`. Since the assert does not actually modify the message, that should be fine; however, because the lowering to _d_assert_msg is done in the glue layer, it does not check the type of the message argument (if the frontend did not reject the code, it means that the implicit cast to const(char)[] was possible).

This seems a bit iffy; however, I don't see this as being a problem in @safe code.

> See the code I posted in issue #18003.  The compiler should reject any attempt to pass a slice of a local variable to assert().

That behavior has now been deprecated provided that the function is marked @safe.

--
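
The aliasing discussed in this thread, as an added illustration (not code from issue 18002 or 18003, and not from any commenter): a mutable `char[]` is accepted as the assert message, and the caught `AssertError` then exposes it through `msg`, which is typed `string`. The function names are hypothetical, and the sketch assumes a non-release build on a compiler and druntime that still pass the message through without copying; the second function applies the `.idup` copy from comment #3.

```d
import core.exception : AssertError;
import std.stdio : writeln;

// Hypothetical helper: fails an assert with a mutable message and hands the
// caught error back so the caller can inspect it after changing the buffer.
AssertError failAliased(char[] buf)
{
    try
    {
        // char[] converts implicitly to const(char)[], so the frontend accepts it.
        assert(buf.length == 0, buf);
    }
    catch (AssertError e)
    {
        return e; // e.msg is declared as string, i.e. immutable(char)[]
    }
    return null; // only reached if the assert did not fire (e.g. -release)
}

// Same failure, but the message is copied into immutable memory first,
// as comment #3 suggests. Comment #4's caveat applies: idup allocates.
AssertError failCopied(char[] buf)
{
    string msg = buf.idup;
    try
    {
        assert(buf.length == 0, msg);
    }
    catch (AssertError e)
    {
        return e;
    }
    return null;
}

void main()
{
    char[] buf = "original message".dup; // constructed sample input

    AssertError aliased = failAliased(buf);
    AssertError copied = failCopied(buf);

    // Overwrite the caller's buffer after both errors have been created.
    buf[] = 'X';

    // If the message was passed through without a copy, the "immutable"
    // string in the first error has changed underneath its owner.
    if (aliased !is null) writeln("aliased msg: ", aliased.msg);
    if (copied !is null)  writeln("copied msg:  ", copied.msg);
}
```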