[Issue 21565] @safe code allows modification of a scalar that overlaps with a pointer
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Thu Jan 21 15:51:17 UTC 2021
https://issues.dlang.org/show_bug.cgi?id=21565
--- Comment #6 from ag0aep6g <ag0aep6g at gmail.com> ---
(In reply to Paul Backus from comment #2)
> The question is: should the value of `t` after `t.x = 5`, in comment 1's
> example, be considered an unsafe value?
[...]
> If we amend the spec as follows:
>
> > A struct/union instance is safe when:
> >
> > * the values of its accessible fields are safe, and
> > * it does not introduce unsafe aliasing with unions **that is accessible
> > from @safe code**.
>
> ...then `t`'s value becomes safe, and we are allowed to use it in @safe and
> @trusted code as long as we are careful not to let @safe code access `t.x`
> and `t.y` at the same time.
>
> I think this interpretation is much more useful, and almost certainly the
> intended one, so I suggest that this is really a bug in the spec, not the
> implementation.
>
> [1] https://dlang.org/spec/function.html#safe-interfaces
I can say that I did not intend that interpretation when I added "safe
aliasing" to the spec. But I might have been overly conservative.
Currently, the spec explicitly says that @safe code "Cannot access unions that
have pointers or references overlapping with other types."[1] If that's so,
then I guess it doesn't matter whether the union's aliasing is safe or not,
because @safe code can't access it at all.
And I guess it's still okay even if we change that to allow access to the
non-pointy bits of the union, because the @safe code just sees another harmless
int (or whatever).
As far as I can tell, that means all possible union values can be considered
safe (just like all ints are safe), and we can remove the parts about
"[introducing] unsafe aliasing with unions" from the "save values" section. One
must still be careful not to expose the unsafe aliasing to @safe code in other
ways, but that's already covered by the spec.
I wouldn't have designed it this way, but it seems to be what DMD is going for.
[1] https://dlang.org/spec/function.html#safe-functions
--
More information about the Digitalmars-d-bugs
mailing list