fix Issue 18143 - in/out contracts should be implicitly 'this' const#7553
fix Issue 18143 - in/out contracts should be implicitly 'this' const#7553dlang-bot merged 1 commit intodlang:masterfrom
Conversation
ibuclaw
force-pushed
the
issue18143
branch
2 times, most recently
from
a8fe66a to
a90b717
Compare
| sc2.flags = (sc2.flags & ~SCOPEcontract) | SCOPErequire; | ||
|
|
||
| // BUG: need to error if accessing out parameters | ||
| // BUG: need to treat parameters as const |
There was a problem hiding this comment.
Hmm. This PR seems to only disable writing to this, but does it also prohibit modifying function parameters?
There was a problem hiding this comment.
Ah, ok. Nevermind then. :-) I was just confused because deleting this comment in this PR makes it seem like this PR is fixing the entire issue. I suppose making this const is the last remaining issue as far as this comment is concerned?
|
LGTM. |
|
Looks like this may have found a bug in Sociomantic's Ocean
|
|
Very nice! I love compiler changes that discover bugs in existing code! |
Contains fix for the bug which will be detected by dlang/dmd#7553
Thanks to the work of @iain-buclaw-sociomantic and @mihails-strasuns-sociomantic Ocean was fixed and upgraded: sociomantic-tsunami/ocean#427 -> Jenkins should be passing now :) |
wilzbach
left a comment
wilzbach
left a comment
There was a problem hiding this comment.
We should really stop documenting bugs in the source code where they are just forgotten or confuse people because it has been fixed. Should we add the fixed "BUGS" as test cases to the testsuite?
| sc2.flags = (sc2.flags & ~SCOPEcontract) | SCOPEensure; | ||
|
|
||
| // BUG: need to treat parameters as const | ||
| // BUG: need to disallow returns and throws |
There was a problem hiding this comment.
We shouldn't document bugs in the source code like this, they should be in Bugzilla:
There was a problem hiding this comment.
Also return is already forbidden: https://run.dlang.io/is/A0JWgT
There was a problem hiding this comment.
I didn't verify any of the comments, so no idea what the state is.
| @@ -875,7 +875,6 @@ extern(C++) final class Semantic3Visitor : Visitor | |||
| sc2.flags = (sc2.flags & ~SCOPEcontract) | SCOPErequire; | |||
|
|
|||
| // BUG: need to error if accessing out parameters | |||
There was a problem hiding this comment.
Isn't this already forbidden?
There was a problem hiding this comment.
But is that accessing the out parameter, or out parameters?
There was a problem hiding this comment.
Actually, I've worked out what this means:
static int cache;
int foo(out int bar)
in
{
cache = bar; // This should be an error.
somefunc(bar); // This should be an error.
assert(bar == 0); // This should be an error.
}
There was a problem hiding this comment.
|
(rebased to hopefully fix Jenkins) |
|
Excellent! |
| // BUG: need to error if accessing out parameters | ||
| // BUG: need to treat parameters as const | ||
| // BUG: need to disallow returns and throws | ||
| // BUG: verify that all in and ref parameters are read |
There was a problem hiding this comment.
This comment as seen today appeared in D1.011.
Before it used to be:
BUG: verify that all in and inout parameters are read
Which has been here since the dawn of time svn history.
There was a problem hiding this comment.
It seems to allude to this:
int foo(in int a, ref int b)
in
{
// Should emit error: 'a' is not read in contract.
// Should emit error: 'b' is not read in contract.
}
do
{
return a + b;
}
But I don't think that any of those are a compiler bug at all, and so this comment should be removed. @WalterBright do I understand the context correctly?
There was a problem hiding this comment.
Why should an error be emitted if a parameter isn't read in the in-contract? How else would you express that any possible value is permitted for that parameter?
There was a problem hiding this comment.
Some languages enforce that some parameter are used, e.g. C# forces you to assign out parameters. One way to express this in an in contract would be to do cast(void)a; for example. But that's the kind of enforcement which IMO goes against D's approach, as many times you'll end up just trying to satisfy the compiler.
There was a problem hiding this comment.
I'm saying I don't think it should be considered as a bug. Also the comments doesn't say anything about all parameters. Just in and ref parameters.
There was a problem hiding this comment.
verify that all in and ref parameters are read
It may also be implying that all input parameters should actually be used in the implementation.
7 participants
As noted by @quickfur.
Actual error message should probably be ratified. I just borrowed the same format as the error above for modifying other parameters in contracts.