std.digest toHexString

H. S. Teoh via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Thu Mar 16 15:06:24 PDT 2017


On Thu, Mar 16, 2017 at 02:36:15PM -0700, Jonathan M Davis via Digitalmars-d-learn wrote:
[...]
> Honestly, I think that it was a big mistake to have implicit slicing
> of static arrays in the language at all.

That makes at least 3 of us -- Adam, you, me. I'm sure there are more.


> Unfortunately, last time I tried to convince Walter of that, he seemed
> to think that the @safety improvements to the compiler were going to
> fix the problem, and they will help, but I'm of the opinion that
> slicing of static arrays should always be explicit. It's too easy to
> miss what's going on otherwise, even if it isn't an @safety problem.

Yeah, it's one of those things that seemed like a good idea on the
surface, like autodecoding, but the deeper you go, the more troubles you
discover.  Unlike autodecoding, though, any code breakage caused by
killing autoslicing of static arrays will, I speculate, only affect
already-buggy code that ought to be fixed anyway.  And AFAIK, nobody has
argued *for* implicit slicing of static arrays.


> In any case, the @safety fixes that are underway should eventually at
> least flag this as @system if not result in it being outright illegal.
> And I think that there's a good case to make any variant of this issue
> be illegal if it's guaranteed that you're going to end up with a
> pointer to invalid memory.
[...]

The wrinkle is that the way dmd currently implements this, AFAICT, is to
leave returned static array rvalues on the stack until the end of the
function, even if it's inside a nested sub-scope that is followed by
other nested sub-scopes that may go even deeper. It's not wrong to do
this -- there's no requirement per se that stack variables have to be
freed immediately upon leaving a nested scope so that the stack space
can be reused by subsequent local variables. But it does obscure this
particular issue by hiding the problem of an escaping reference to an
rvalue that has long gone out of scope.

Not even -dip1000 catches this case right now, which I think is a bug,
because the way I understand DIP 1000 is that this should be illegal.


T

-- 
It won't be covered in the book. The source code has to be useful for something, after all. -- Larry Wall


More information about the Digitalmars-d-learn mailing list