On Friday, 24 May 2019 at 12:32:45 UTC, ag0aep6g wrote:
On 24.05.19 13:41, Atila Neves wrote:
[...]

You've got safety violations:

----
/+ dub.sdl:
    name "test"
    dependency "nogc" version="~>0.5.0"
+/

import core.stdc.stdio: puts;

struct S1
{
    S2 s2;
    this(ref const S1 src) const @nogc @system { this.s2 = src.s2; }
}

struct S2
{
    this(ref const S2 src) const @nogc @system { puts("@system 1"); }
}

struct Z
{
    char* stringz() const @nogc @system
    {
        puts("@system 2");
        return null;
    }
}

struct UnsafeAllocator
{
    import std.experimental.allocator.mallocator: Mallocator;
    enum instance = UnsafeAllocator.init;
    void deallocate(void[] bytes) @nogc @system
    {
        puts("@system 3");
        Mallocator.instance.deallocate(bytes);
    }
    void[] allocate(size_t sz) @nogc @system
    {
        puts("@system 4");
        return Mallocator.instance.allocate(sz);
    }
}

void main() @safe @nogc
{
    import nogc: BUFFER_SIZE, text;
    S1 a;
    Z* z;
    auto t = text!(BUFFER_SIZE, UnsafeAllocator)(a, z);
}
----

All of the `puts` lines are executed. That should not be possible in @safe code. You're applying @trusted too liberally.

Thanks for this. I think the only violation is calling `stringz` on `Z`, and that was due to a poorly designed DbI check on being able to call `stringz`. Allocating generally isn't @system, and freeing is ok to trust since vector is taking care of it for us. I've pushed a fix.
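
The `stringz` case discussed in this thread, reduced to a stand-alone sketch. This is an added example, not code from the nogc library or from either poster; `SystemZ`, `SafeZ`, `hasStringz`, `hasSafeStringz`, `launder` and `checked` are hypothetical names. It contrasts a DbI check that only asks whether the call compiles with one that asks whether it compiles in `@safe` code, and a `@trusted` template wrapper with one that relies on attribute inference.

```d
import core.stdc.stdio : puts;

// Hypothetical user types: one exposes a @system stringz, one a @safe stringz.
struct SystemZ
{
    const(char)* stringz() const @nogc @system { puts("@system stringz"); return null; }
}

struct SafeZ
{
    const(char)* stringz() const @nogc @safe { return null; }
}

// Weak DbI check: only asks whether the call compiles at all.
enum hasStringz(T) = __traits(compiles, (const T t) { auto p = t.stringz(); });

// Stricter DbI check: the call must compile inside a @safe lambda.
enum hasSafeStringz(T) = __traits(compiles, (const T t) @safe { auto p = t.stringz(); });

// Laundering pattern: @trusted on a template vouches for whatever T supplies.
const(char)* launder(T)(ref const T t) @trusted @nogc
    if (hasStringz!T)
{
    return t.stringz();
}

// Hardened form: no @trusted, so @safe/@system is inferred from T's own code.
auto checked(T)(ref const T t)
    if (hasStringz!T)
{
    return t.stringz();
}

static assert(hasStringz!SystemZ && !hasSafeStringz!SystemZ);
static assert(hasSafeStringz!SafeZ);

void main() @safe @nogc
{
    SystemZ sz;
    SafeZ ok;
    auto a = launder(sz); // accepted: @system code runs from @safe main
    auto b = checked(ok); // accepted: inferred @safe for SafeZ
    // The inferred wrapper refuses the @system type in @safe code.
    static assert(!__traits(compiles, () @safe { SystemZ s; auto c = checked(s); }));
}
```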
