Yet another leak in the sinking ship of @safe
Jonathan M Davis via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 18 13:50:08 PST 2016
On Thursday, 18 February 2016 at 20:24:18 UTC, H. S. Teoh wrote:
> On Thu, Feb 18, 2016 at 07:25:16PM +0000, Jonathan M Davis via
> Digitalmars-d wrote:
>> On Thursday, 18 February 2016 at 18:58:56 UTC, H. S. Teoh
>> wrote:
>> >On Thu, Feb 18, 2016 at 06:50:34PM +0000, Jonathan M Davis
>> >via Digitalmars-d wrote:
>> >>On Thursday, 18 February 2016 at 18:41:25 UTC, Steven
>> >>Schveighoffer wrote:
>> >[...]
>> >>>foo(void[] arr)
>> >>>{
>> >>> void[] arr2 = [1234, 5678, 91011];
>> >>> arr[] = arr2[0 .. arr.length];
>> >>>}
>> >>
>> >>Well, I'm not sure that that's actually not @safe.
>> >
>> >How can it possibly be @safe??? Consider:
>> >
>> > void main() @safe {
>> > Object[] objs = [ new Object() ];
>> > foo(objs);
>> > }
>> >
>> >Now the pointer to the Object instance has been corrupted.
>>
>> Does it matter what state the void[] is in until you actually
>> attempt to cast it to something else? If you have
>>
>> Object[] oArr = [ new Object ];
>> void[] vArr = oArr;
>> vArr = vArr[0 .. $ - 1];
>>
>> it's not like that's going to cause any problems - not by
>> itself.
>
> I think you misread Steven's code.
Yes. It looks like I did.
> So the bottom line is that the array copy cannot be @safe.
Exactly. Passing it around is fine, but mutating it definitely is
not.
> The larger question, is what, if anything, *can* you do with
> void[] besides read-only operations, that doesn't break @safe?
> Once something is (implicitly or otherwise) cast to void[], all
> type information is forgotten, and there is no way, that I can
> tell, to write to a void[] without causing @safe breakage. If
> so, wouldn't it make sense to require that the type should be
> const(void)[] rather than void[]?
Why? The problem isn't that void[] was passed in. It's that what
was done to it after it was passed in was not @safe. We need to
fix it so that the compiler doesn't consider mutating void[] or
casting away from it or doing anything with it that could corrupt
memory @safe, but passing it around is perfectly @safe, even if
it's not very useful by itself. So, I see no reason to make any
requirements about const. As long as dmd correctly catches the
operations that aren't @safe, the function which is passed the
void[] and does more than pass it around is going to be forced to
be @system anyway. So making any requirements about const(void[])
buys us nothing.
- Jonathan M Davis
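An added example (mine, not code from the thread) that puts Steven's raw copy next to a harmless pass-through, makes the pointer corruption observable, and shows the call being refused from @safe code at compile time. It assumes a current dmd; `overwrite`, `byteLength`, `ints`, `want` and `got` are my names.

```d
// Added example, not code from the thread: the raw copy from Steven's snippet
// next to a harmless pass-through, with the corruption made observable.
@system void overwrite(void[] arr)
{
    void[] src = [1234, 5678, 91011];   // int[] literal, implicitly void[]
    arr[] = src[0 .. arr.length];       // byte copy: this is the unsafe step
}

// Passing a void[] around or reading its length needs no @system.
@safe size_t byteLength(const(void)[] arr)
{
    return arr.length;
}

void main() @system
{
    Object[] objs = [ new Object() ];

    // Object[] converts implicitly to void[]; .length becomes a byte count.
    assert(byteLength(objs) == objs.length * Object.sizeof);

    // A @safe caller cannot reach the @system copy: the call does not compile.
    static assert(!__traits(compiles, () @safe { overwrite(objs); }));

    // In @system code the damage is visible: the reference slot now holds
    // the leading bytes of the int array, not a pointer to the Object.
    overwrite(objs);
    int[] ints = [1234, 5678, 91011];                       // constructed pattern
    const(ubyte)[] want = (cast(ubyte[]) ints)[0 .. Object.sizeof];
    const(ubyte)[] got  = (cast(ubyte*) &objs[0])[0 .. Object.sizeof];
    assert(got == want);
    // objs[0] is now a dangling reference; any call on it would fault.
}
```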