Yet another leak in the sinking ship of @safe
Jonathan M Davis via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 18 10:55:18 PST 2016
On Thursday, 18 February 2016 at 18:41:58 UTC, H. S. Teoh wrote:
> On Thu, Feb 18, 2016 at 07:30:34PM +0100, Timon Gehr via
> Digitalmars-d wrote:
>> No problem here. There is no way to assign to a void[] without
>> doing 2.
>
> Sure there is:
>
> void breakSafety(void[] data) @safe
> {
>     union U {
>         void[] d;
>         int[] arr;
>     }
>     U u;
>     u.d = data;
>     u.arr[0] = 0xFF; // kaboom
> }
Well, unions with an array in them can't be @safe. That's clearly
a bug, regardless of whether void[] is involved or not.
Regardless, as far as I can tell, there is zero @safety problem
with converting to void[]. You'll never get corrupted memory with
that conversion. It's converting back that risks screwing
everything up. And that's what can't be @safe.
> It's only one of many culprits. As long as there is any way
> around @safe, the entire system of guarantees breaks down.
Of course, and we went about things the wrong way with @safe. It
should have been done via whitelisting, whereas we've done it via
blacklisting. Given that fact, we're pretty much permanently at
risk of @safe being broken.
- Jonathan M Davis
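As an added illustration of the point made above (example code written for this page, not from the thread or the D project): widening an int[] to void[] keeps the slice's byte length and cannot corrupt anything, while narrowing back is where memory can be misread. The reverse cast is placed in a @trusted helper that checks byte length and alignment first; the helper names (toVoid, fromVoidChecked) are this example's own.

```d
// Added example: the @safe direction and a checked reverse conversion.
// Assumes the narrowing cast is confined to a @trusted helper that
// validates the slice before reinterpreting it (names are hypothetical).
import std.stdio;

// Widening to void[] only discards element type information; the
// length becomes a byte count, bounds are preserved, so this is @safe.
void[] toVoid(int[] arr) @safe
{
    return arr;
}

// Narrowing back is the step that can read or write past valid memory if
// done blindly. Before casting, require the byte length to be a multiple
// of int.sizeof and the pointer to be int-aligned; return null otherwise.
int[] fromVoidChecked(void[] data) @trusted
{
    if (data.length % int.sizeof != 0)
        return null;
    if ((cast(size_t) data.ptr) % int.alignof != 0)
        return null;
    return cast(int[]) data;
}

void main() @safe
{
    int[] ints = [1, 2, 3, 4];
    void[] v = toVoid(ints);
    assert(v.length == 16);            // 4 ints -> 16 bytes

    int[] back = fromVoidChecked(v);
    assert(back.length == 4 && back[0] == 1 && back[3] == 4);

    // A 7-byte buffer (constructed input) cannot be viewed as int[]
    // without reading past its end, so the checked helper refuses it.
    ubyte[7] raw;
    assert(fromVoidChecked(raw[]) is null);

    writeln("checked reverse conversion ok");
}
```

The widening function compiles as @safe without any cast; only the narrowing helper needs @trusted, which keeps the auditable surface to the one place where a bad length or alignment could turn into memory corruption.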