dip1000 and preview in combine to cause extra safety errors

Timon Gehr timon.gehr at gmx.ch
Sat Jun 11 00:13:01 UTC 2022


On 6/10/22 05:15, Walter Bright wrote:
> On 6/9/2022 5:58 AM, Timon Gehr wrote:
>> But if the compiler can easily tell that something makes no sense, it 
>> should still be an error in both `@safe` and `@system` code!
> 
> Sometimes it makes sense for a function to return the address of a 
> local. For example, if you want to detect how large the stack has 
> gotten. I use this in, for example, the garbage collector to see how 
> much stack needs to be scanned. It can also be used to "step" on the 
> stack after a function returns, as one might want to do for security 
> software.
> 
> I've also done things like write 0xDEADBEEF all over memory in order to 
> flush out memory bugs. This involves using pointers in UB ways that 
> don't make sense as far as the language is concerned.
> 
> In @safe code it is nonsense to write specific numbers into a pointer. 
> But in @system code, it does make sense.
> 
> I don't think one could write a symbolic debugger with @safe code. Like 
> writing instruction bytes into a buffer, and then calling it? How unsafe 
> can one get? :-)
> 
> And so on.

Well, you can do that knowing what the backend will or will not do with 
code that the spec says could mean anything at all. Others may be a bit 
less privileged. ;) If it's needed, I think it's better to have explicit 
support for such use cases, not involving any UB.

