Re: Store any callable in an array

Mon, 07 May 2018 04:26:22 -0700 

On Monday, 7 May 2018 at 10:20:22 UTC, ag0aep6g wrote:

On 05/07/2018 04:41 AM, wjoe wrote:

Could you elaborate on the unsafe destructor please?



If TFunc has an unsafe destructor, asDelegate is also not safe 
and can't be @trusted.


An example of how that can break safety:

----
auto asDelegate(TFunc)(TFunc func) @trusted
{
     import std.functional : toDelegate;
     return toDelegate(func);
}

int* ptr;
size_t length;

struct S
{
    void opCall() {}
    ~this() @system
    {
        ptr[length - 1] = 13;
    }
}

void main() @safe
{
    ptr = new int;
    length = 5; /* Whoops, got the length wrong. */
    immutable int* imm = new int(42);
    auto dg = asDelegate(S.init);

    assert(*imm == 42); /* Fails. Immutability has been broken. 
*/

}
----


The program has undefined behavior, which means it's invalid. 
And it's the fault of the wrong @trusted.



Are there any other gotchas ?



The postblit function `this(this)` is also commonly overlooked 
with regards to @trusted. It might not be a problem here, 
though, because toDelegate has a `ref` parameter.


An unsafe `alias this` would be another problem. Example:
----
/* ... asDelegate, ptr, length, main as above ... */
struct S
{
    @property T t() @system
    {
        ptr[length - 1] = 13;
        return T.init;
    }
    alias t this;
}
struct T
{
    void opCall() {}
}
----

Those are the things I can see happening in asDelegate.


Additionally, you'd have to check what the toDelegate call does 
exactly before trusting it. And if it turns out that the call 
can be trusted, then you can probably just mark toDelegate 
itself as @trusted. And then there would be no need for 
asDelegate anymore.



Thank you for taking the time to write up this reply and widen my 
horizon. Very much appreciated.



After further investigation I found a post where someone asked 
about the differences of function/delegate and one of the replies 
explained that functions converted to a delegate occur a 
considerable performance impact.



This and since toDelegate has a bug with @safe functions, and 
slapping a @trusted on to it sounds like more headache than it's 
worth, I will handle these cases separately.


Thanks everybody for all the replies.






















					Reply via email to