Shouldn't invalid references like this fail at compile time?
ag0aep6g
anonymous at example.com
Tue Jan 23 06:23:38 UTC 2018
On 01/23/2018 03:38 AM, Mike Franklin wrote:
> import std.stdio;
>
> void main() @safe
> {
> string foo = "foo";
> string* ls0;
> string* p1, p2;
>
> ls0 = &foo;
> p1 = ls0;
> ls0.destroy();
> p2 = ls0;
> writeln(p2.length);
> }
>
> Compile with `-dip1000`
>
> Error: program killed by signal 11
>
> https://run.dlang.io/is/6L6zcH
>
> So that's bad. But it looks like a bug in `-dip1000`, because if I
> compile without `-dip1000`, I get:
>
> onlineapp.d(9): Error: cannot take address of local foo in @safe
> function main
>
> https://run.dlang.io/is/rHpuf1
No bug.
`&foo` never leaves the scope, so `-dip1000` correctly allows it. If you
try to `return p1;` or `return p2;`, you get errors from `-dip1000`.
Other than that, `ls0.destroy();` just does `ls0 = null;` and then the
`writeln` does a null dereference which is considered to be a guaranteed
segfault. Segfaults are considered safe and `@safe` is not supposed to
prevent them.
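An added example, not part of the thread, that puts the reply's two points side by side: the pointer that escapes via `return` (which `-dip1000` rejects, so it is left commented out) and the null check that actually keeps `destroy()` followed by a dereference from crashing. It assumes `dmd -dip1000`; the function names are my own.

```d
import std.stdio;

// Returning the address of a local is what -dip1000 is there to catch.
// Uncomment this function and compile with -dip1000 to see the error.
/*
string* escape() @safe
{
    string foo = "foo";
    string* p1 = &foo;
    return p1;   // rejected by -dip1000: the pointer would outlive foo
}
*/

// destroy() on a pointer variable just resets it to its .init, i.e. null.
// @safe does not stop a null dereference (it is a guaranteed segfault),
// so the check has to be explicit.
size_t safeLength(scope string* p) @safe
{
    if (p is null)
        return 0;      // nothing to dereference
    return p.length;
}

void main() @safe
{
    string foo = "foo";
    string* ls0 = &foo;           // fine under -dip1000: never leaves main
    assert(safeLength(ls0) == 3);
    ls0.destroy();                // same as ls0 = null;
    assert(ls0 is null);
    assert(safeLength(ls0) == 0); // no signal 11 this time
    writeln("ok");
}
```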