Skip to content

fix Issue 16589 - Taking address of stack variables in @safe code is …#6172

Merged
WalterBright merged 1 commit intodlang:masterfrom
WalterBright:fix16589
Oct 7, 2016
Merged

fix Issue 16589 - Taking address of stack variables in @safe code is …#6172
WalterBright merged 1 commit intodlang:masterfrom
WalterBright:fix16589

Conversation

@WalterBright
Copy link
Member

@WalterBright WalterBright commented Oct 4, 2016

…allowed in some cases

@dlang-bot
Copy link
Contributor

dlang-bot commented Oct 4, 2016

Fix Bugzilla Description
16589 Taking address of stack variables in @safe code is allowed in some cases

@mathias-lang-sociomantic
Copy link
Contributor

mathias-lang-sociomantic commented Oct 4, 2016

Should it be part of -transition=safe ?

@WalterBright WalterBright force-pushed the fix16589 branch 3 times, most recently from 099677b to d91a93e Compare October 4, 2016 10:36
@WalterBright
Copy link
Member Author

WalterBright commented Oct 4, 2016

Unfortunately, yes, as it is tripping in Phobos.

@mihails-strasuns
Copy link

mihails-strasuns commented Oct 4, 2016

Isn't it unnecessarily limiting though to implement this separately from DIP1000? It is perfectly valid to take address of the field and pass it to some function (expecting pointer) for processing, I would be very surprised if there isn't plenty of such code in the wild. Thus if it gets merged alone, it would break some legit use cases without a tool to make it work again (== scope).

@WalterBright
Copy link
Member Author

WalterBright commented Oct 4, 2016
edited
Loading

It's been an error for years to take the address of a local in @safe code. It does not make sense to allow taking the address of a field of a local. This was not checked for, and that's what this PR does. It is not part of DIP1000.

It does break at least one Phobos function (the autotester quits at the first error), which is why I amended it to only check if -transition=safe, but the code is incorrect. Allowing this in @safe code breaks the whole point of ref.

If the user needs to & a local, the way to do it is by ref instead, or make it @trusted.

BTW, this rule nicely resolves the ambiguity of what return refers to with a parameter marked as return ref scope. If the function returns by ref, the return applies to the ref.

andralex
andralex approved these changes Oct 6, 2016
View reviewed changes
Copy link
Member

@andralex andralex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few nits to improve the lot of readers and reduce LOC.

src/expression.d

bool checkAddressVar(VarDeclaration v)
{
if (v)
Copy link
Member

@andralex andralex Oct 6, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if (!v)
    return true; // nuttin' to do
... rest of the code ...

src/expression.d
}
if (sc.func && !sc.intypeof && !v.isDataseg())
{
if (sc.func.setUnsafe())
Copy link
Member

@andralex andralex Oct 6, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if + if = &&

if (sc.func && !sc.intypeof && !v.isDataseg() && sc.func.setUnsafe())
{
    ...
}

src/expression.d
VarDeclaration v = ve.var.isVarDeclaration();
if (v)
{
if (!checkAddressVar(v))
Copy link
Member

@andralex andralex Oct 6, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if (v && !checkAddressVar(v))
    return new ErrorExp();

src/expression.d
VarDeclaration v = ve.var.isVarDeclaration();
if (v && v.storage_class & STCref)
{
if (!checkAddressVar(v))
Copy link
Member

@andralex andralex Oct 6, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if (v && v.storage_class & STCref) && !checkAddressVar(v))
    return new ErrorExp();

src/expression.d
VarDeclaration v = ve.var.isVarDeclaration();
if (v)
{
if (!checkAddressVar(v))
Copy link
Member

@andralex andralex Oct 6, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if (v && !checkAddressVar(v))
    return new ErrorExp();

@WalterBright
Copy link
Member Author

WalterBright commented Oct 7, 2016

Auto-merge toggled on

@WalterBright WalterBright merged commit c871b7b into dlang:master Oct 7, 2016
@mihails-strasuns mihails-strasuns mentioned this pull request Nov 28, 2016
Closed
@iK4tsu iK4tsu mentioned this pull request Sep 15, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andralex andralex andralex approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@WalterBright @dlang-bot @mathias-lang-sociomantic @mihails-strasuns @andralex