On 01/23/2018 03:38 AM, Mike Franklin wrote:
> import std.stdio;
>
> void main() @safe
> {
>     string foo = "foo";
>     string* ls0;
>     string* p1, p2;
>
>     ls0 = &foo;
>     p1 = ls0;
>     ls0.destroy();
>     p2 = ls0;
>     writeln(p2.length);
> }
>
> Compile with `-dip1000`
>
> Error: program killed by signal 11
>
> https://run.dlang.io/is/6L6zcH
>
> So that's bad. But it looks like a bug in `-dip1000`, because if I
> compile without `-dip1000`, I get:
>
> onlineapp.d(9): Error: cannot take address of local foo in @safe
> function main
>
> https://run.dlang.io/is/rHpuf1

No bug.
`&foo` never leaves the scope, so `-dip1000` correctly allows it. If you
try to `return p1;` or `return p2;`, you get errors from `-dip1000`.
Other than that, `ls0.destroy();` just does `ls0 = null;` and then the
`writeln` does a null dereference which is considered to be a guaranteed
segfault. Segfaults are considered safe and `@safe` is not supposed to
prevent them.
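
The three points of the reply above, as an added example that is not part of the original thread: a local's address may be used inside the function but not returned, `destroy` on a pointer only resets the pointer, and a null check avoids the segfault. The names `escape` and `lengthOrZero` are hypothetical, and the build is assumed to be `dmd -dip1000`.

```d
import std.stdio;

// Kept out of compilation with version (none): under -dip1000 the pointer
// taken from a local is scope-limited, so returning it is a compile error.
// Removing the version line makes the build fail, as the reply describes.
version (none)
string* escape() @safe
{
    string foo = "foo";
    string* p = &foo;
    return p; // rejected: the address would outlive `foo`
}

// Hypothetical helper: read through the pointer only after a null check,
// so a destroyed (nulled) pointer never reaches a dereference.
size_t lengthOrZero(scope const(string)* p) @safe
{
    return p is null ? 0 : (*p).length;
}

void main() @safe
{
    string foo = "foo";

    // Allowed with -dip1000: the address never leaves main.
    string* p = &foo;
    assert(lengthOrZero(p) == 3);

    // destroy on a pointer resets the pointer itself to its .init value
    // (null); the string it pointed at is not touched.
    p.destroy();
    assert(p is null);
    assert(foo == "foo");

    // The quoted program dereferenced at this point and was killed by
    // signal 11. With the check, the null pointer is handled instead.
    assert(lengthOrZero(p) == 0);
    writeln("length through destroyed pointer: ", lengthOrZero(p));
}
```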