[Issue 16266] New: @safe functions may dereference non-dereferenceable pointers
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Mon Jul 11 19:36:23 PDT 2016
https://issues.dlang.org/show_bug.cgi?id=16266
Issue ID: 16266
Summary: @safe functions may dereference non-dereferenceable pointers
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: dmd
Assignee: nobody at puremagic.com
Reporter: andrei at erdani.com
Consider:
    @safe
    int foo(int *iPtr) {
        return *iPtr;
    }

    @safe
    int bar(int[] iSlice) {
        return foo(iSlice.ptr);
    }

    // bar returns int, so baz must too; a[$ .. $] is the empty tail slice
    @safe int baz(int[] a) {
        return bar(a[$ .. $]);
    }
Calling baz with any array will end up passing a non-dereferenceable pointer to
foo. This corner case needs to be addressed. There are a few possibilities:
1. Simply disallow taking .ptr for any array in @safe code.
2. Insert a runtime check whenever array.ptr is passed into a @safe function
(array must be non-empty).
3. Require flow, for example this could be made legal:
    import std.array : empty;

    @safe
    int bar(int[] iSlice) {
        return iSlice.empty ? 42 : foo(iSlice.ptr);
    }

Probably (2) would be the best, all things considered.
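The following is an added example, not part of Andrei's report or of the dmd code base. It makes the one-past-the-end pointer visible (the pointer comparison has to live in a @system function, since pointer arithmetic is not @safe), and it spells out the two checked variants from the report without using .ptr at all: taking &iSlice[0] is permitted in @safe code because the index is bounds-checked, so an empty slice throws RangeError instead of producing a non-dereferenceable pointer. The function names barChecked, barFlow and tailPtrIsPastTheEnd, and the sample array, are this example's own.

```d
// Added example; not from the bug report. Compile with: dmd -run safe_ptr.d
import core.exception : RangeError;
import std.exception : assertThrown;

// Same foo as in the report: dereferences whatever it is handed.
@safe int foo(int* iPtr)
{
    return *iPtr;
}

// Option 2, realised by the language's own bounds check: &iSlice[0] is
// @safe, and on an empty slice the [0] index throws RangeError before
// any pointer is formed.
@safe int barChecked(int[] iSlice)
{
    return foo(&iSlice[0]);
}

// Option 3 from the report: the control flow guarantees non-emptiness,
// so the pointer taken in the else branch is always dereferenceable.
@safe int barFlow(int[] iSlice)
{
    return iSlice.length == 0 ? 42 : foo(&iSlice[0]);
}

// Deliberately @system: pointer arithmetic is rejected in @safe code.
// Demonstrates that the empty tail slice's .ptr is exactly one past the
// last element of the original array, i.e. legal to form, not to read.
@system bool tailPtrIsPastTheEnd(int[] a)
{
    return a[$ .. $].ptr == a.ptr + a.length;
}

void main()
{
    int[] a = [1, 2, 3];                 // constructed sample input

    assert(tailPtrIsPastTheEnd(a));      // a[$ .. $].ptr == &a[3], out of bounds
    assert(barChecked(a) == 1);          // non-empty: first element
    assert(barFlow(a[$ .. $]) == 42);    // empty: flow check takes the fallback

    // Empty slice through the bounds-checked variant: RangeError, not a
    // silent read past the end of the array.
    assertThrown!RangeError(barChecked(a[$ .. $]));
}
```

Note that RangeError is an Error, not an Exception, so ordinary catch(Exception) blocks will not swallow it; that is the intended behaviour for a failed bounds check in @safe code, and it survives -release because bounds checks stay enabled for @safe functions.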