fix Issue 16747 - Cannot have stack allocated classes in @safe code

[WalterBright]

Stack allocated classes with no destructors do not need to call delete.

[dlang-bot]

Fix	Bugzilla	Description
✓	16747	[Reg 2.072] Cannot have stack allocated classes in @safe code

[mathias-lang-sociomantic]

If the dtor is safe, why wouldn't we allow destruction ?

[MartinNowak]

I think it's because delete uses a C interface and destroys using TypeInfo.

[mathias-lang-sociomantic]

But surely at this point, we know the destruction is @safe ?

[MartinNowak]

Please add a separate error message (e.g. "deleting classes with destructors is unsafe atm.") for the hasDtor case, it seems like an internal limitation of the dmd/druntime API, and it would be very hard for people to understand why their code breaks by adding a dtor.

[MartinNowak]

Non-risky bugfixes and in particular all regression fixes should always go into stable.
It's unacceptable that you're constantly ignoring this simple rule.
We've already missed several regression fixes in previous releases due to this not being followed. We could use the dlang-bot to catch this.

I've changed the target branch to stable, please rebase your PR.
See http://stackoverflow.com/a/10853956 for how to do that.

[MartinNowak]

Ping

[MartinNowak]

Something along the line of git rebase --onto upstream/stable upstream/master fix16747 should do the trick. Make sure to fetch upstream beforehand.

[mihails-strasuns]

@MartinNowak FYI: I have rebased it and would highly recommend everyone to take similar approach. Wait time on back-and-forth requests for technical trivialities is quite a productivity killer - it is much more practical to make such adjustments directly and move on.

[mathias-lang-sociomantic]

delete is not @nogc ?

[WalterBright]

new/delete are part of the gc.

[mathias-lang-sociomantic]

Makes sense. I was under the impression that it would affect scope class, but it doesn't.
However, the following now compiles with the P.R. (commit 43ddb33):

@safe void dl (int* v) { delete v; }

Which is not the intent of this P.R.

[WalterBright]

good catch

[mathias-lang-sociomantic]

My comments applied to all the change to the test suite.

void main () @safe
{
    auto f = new Object();
    delete f;
}

Compiles with your P.R., and obviously shouldn't

[mathias-lang-sociomantic]

What about the following ?

void c () @safe
{
    scope o = new Object;
    delete o;
    auto x = o.toHash();
}

I'd suggest we just prohibit explicit destruction of scope instance

[mihails-strasuns]

This definitely requires adding distinction between compiler-injected delete call and manual one (i.e. define __delete_automatic which does the same as delete but is allowed in @safe.

[WalterBright]

@Dicebot yes, I think you're right. But I don't have time to work on this at the moment, it'll have to wait a bit.

[MartinNowak]

@MartinNowak FYI: I have rebased it and would highly recommend everyone to take similar approach. Wait time on back-and-forth requests for technical trivialities is quite a productivity killer - it is much more practical to make such adjustments directly and move on.

I explicitly didn't do it, b/c I need Walter to learn how to target the stable branch. It doesn't help if you or I constantly have to rebase PRs from other people. Maybe we should reconsider a few github workflows to make this smoother, but the fact that people already have problems w/ only 2 branches is fairly frustrating.
And the rule is really trivial, if you want to fix sth. that has already been released, you branch from stable and target stable, always.

[WalterBright]

ping @MartinNowak

[mathias-lang-sociomantic]

LGTM

[mihails-strasuns]

typo

[WalterBright]

fixed

[mihails-strasuns]

FYI @MartinNowak this is the PR we have mentioned yesterday that most likely needs to be moved to scope branch. Please sanity check me.

[mathias-lang-sociomantic]

Why ? It's a regression in 2.072.0. It is valid code which stopped to compile.

[mihails-strasuns]

It opens an infinite hole in @safe without lifetime checks like ones implememted in scope branch.

[mathias-lang-sociomantic]

It opens an infinite hole in @safe without lifetime checks like ones implememted in scope branch.

This hole was already there before 2.072.0. What 2.072.0 did was breaking code that could be valid (but could not be verified by the compiler). And breaking valid code is not something we should ever do.

[MartinNowak]

Yes, but thanks for mentioning this anyhow, it's not obvious from the PR and prolly wasn't considered.

Disallowing the use of DeleteExp in @safe code (#5887) did incidentally fix escaping of references to stack allocated classes, by bluntly breaking all usage of scope classes.
Usage of scope classes in @safe code was a safety hole before 2.072.0 and should be addressed by the scope/DIP1000 work.
While this PR will reopen safety holes w/ scope classes in 2.072.2, it's much more important to not have an intermediate (until scope/DIP1000 work) breakage of all stack allocated classes in @safe code.

[MartinNowak]

Auto-merge toggled on

[MartinNowak]

There is one failing test on OSX (even after repeating it).
https://auto-tester.puremagic.com/show-run.ghtml?projectid=14&runid=2312526&isPull=true
https://auto-tester.puremagic.com/show-run.ghtml?projectid=14&runid=2311102&isPull=true
It rather looks like an issue with the OSX auto tester machine (D-Autotester.local (98.229.209.219)) @braddr.
So I'm still merging this because the same OSX tests on Travis-CI do pass and it fixes a major regression.