Understanding DIP 1000 semantics -- Where's the bug?
Meta
jared771 at gmail.com
Mon Sep 23 18:46:40 UTC 2019
On Monday, 23 September 2019 at 18:39:03 UTC, Sebastiaan Koppe wrote:
> On Monday, 23 September 2019 at 08:46:18 UTC, Olivier FAURE wrote:
>> Whoops. The following code compiles with -dip1000.
>>
>> @safe:
>>
>> int* foo(ref int x)
>> {
>>     int* a = &x;
>>     return a;
>> }
>>
>> void main() {
>>     int* p;
>>     {
>>         int x;
>>         p = foo(x);
>>     }
>>     *p = 1; // Memory corruption
>> }
>>
>> That's a bug.
>
> Well, dip1000 doesn't do data-flow analyses. Which means the
> compiler doesn't see that `x` escapes through `a`.
AFAICT, according to dip1000 this code should not allow the
result of `foo(x)` to be assigned to p, as it has a longer
lifetime. Likewise, it should not allow foo to return &x without
the parameter being annotated with `return`. This looks like a
bug in the implementation.
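The form the reply argues DIP 1000 should require, as an added example that is not from the thread or from the D project: `foo` carries the `return` annotation on its parameter, so the compiler knows the returned pointer has `x`'s lifetime and, under `-dip1000` with `@safe`, rejects storing it in the longer-lived `p`. The expected diagnostic is an assumption about the compiler's behaviour, not output quoted from the thread.

```d
// Added example (not the thread's code): the program from the quoted post
// with the `return` annotation that DIP 1000 expects for an escaping ref.
// Compile with: dmd -dip1000 example.d
@safe:

// `return ref` tells the compiler the result may alias `x`, so the
// returned pointer inherits the lifetime of the argument at each call site.
int* foo(return ref int x)
{
    int* a = &x;
    return a;
}

void main()
{
    int* p;
    {
        int x;
        // Assumed behaviour: rejected, because `p` outlives `x` and the
        // `return` annotation lets the compiler see the result aliases `x`.
        p = foo(x);
    }
    *p = 1; // never reached: the assignment above does not compile

    // The same call is fine when the destination does not outlive `x`.
    int y;
    int* q = foo(y); // ok: `q` and `y` share a scope
    *q = 1;
}
```

The point of the contrast is that the lifetime check happens at the call site, not inside `foo`: without the annotation the compiler has no record that the result aliases the argument, which is the gap the reply describes.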