On Monday, 7 August 2017 at 13:40:18 UTC, Moritz Maxeiner wrote:


Thanks, I wasn't aware of this. I tried fooling around scope classes and DIP1000 for a bit and was surprised that this is allowed:

Thanks for the test case :-)
It was fun to see that ASan can catch this bug too. Because writing the blog post about ASan will take quite some time still, I've pasted the demonstration below (there is a big big big caveat that will need more work from LDC's side, but you'll have to wait until the blog article).

Simplified your code for the demonstration:
```
class A {
    int i;
}

void inc(A a) @safe {
    a.i += 1; // Line 6
}

auto makeA() @safe {  // Line 9
    import std.algorithm : move;
    scope a = new A();
    return move(a);
}

void main() @safe {
    auto a = makeA();
    a.inc(); // Line 17
}
```

```
ldc2 -fsanitize=address -disable-fp-elim scopeclass.d -g -O1 -dip1000 ASAN_OPTIONS=detect_stack_use_after_return=1 ./scopeclass 2>&1 | ddemangle

=================================================================
==11446==ERROR: AddressSanitizer: stack-use-after-return on address 0x000104929050 at pc 0x0001007a9837 bp 0x7fff5f457510 sp 0x7fff5f457508
READ of size 4 at 0x000104929050 thread T0
#0 0x1007a9836 in @safe void scopeclass.inc(scopeclass.A) scopeclass.d:6
    #1 0x1007a9a20 in _Dmain scopeclass.d:17
#2 0x1008e40ce in _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv (scopeclass:x86_64+0x10013c0ce)
    #3 0x7fff9729b5ac in start (libdyld.dylib:x86_64+0x35ac)

Address 0x000104929050 is located in stack of thread T0 at offset 80 in frame #0 0x1007a984f in pure nothrow @nogc @safe scopeclass.A scopeclass.makeA() scopeclass.d:9
```

Reply via email to