[Issue 8471] std.stdio.readf should be @trusted

2017-03-22 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

github-bugzi...@puremagic.com changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--

[Issue 8471] std.stdio.readf should be @trusted

2017-03-22 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #20 from github-bugzi...@puremagic.com ---
Commits pushed to stable at https://github.com/dlang/phobos

https://github.com/dlang/phobos/commit/882a1fb8f62b872f3463e9fca2b2e1e04d36effb
Fix issue #8471 - allow only pointers as readf parameters

https://github.com/dlang/phobos/commit/0059fc3263b9ebd62ef7c6c7b3eed4b20f313364
Merge pull request #5076 from byebye/issue_8471

--

[Issue 8471] std.stdio.readf should be @trusted

2017-03-18 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #19 from Andrei Alexandrescu  ---
@Bolpat (In reply to Bolpat from comment #18)
> As Andrei pointed out, readf has its signature for historic reasons. Please
> check out my pull: https://github.com/dlang/phobos/pull/5247 If I'm correct,
> we can deprecate formattedRead and with it readf with pointers.
> 
> Tell me if I'm wrong, but there is no justification to make readf @trusted.
> It accesses a __gshared global and is not @safe for good reasons.

Using __gshared is not problematic because the reading primitives are
interlocked.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-03-17 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

Bolpat  changed:

   What|Removed |Added

 CC||qs.il.paperi...@gmail.com

--- Comment #18 from Bolpat  ---
As Andrei pointed out, readf has its signature for historic reasons. Please
check out my pull: https://github.com/dlang/phobos/pull/5247 If I'm correct, we
can deprecate formattedRead and with it readf with pointers.

Tell me if I'm wrong, but there is no justification to make readf @trusted. It
accesses a __gshared global and is not @safe for good reasons.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-26 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

greenify  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 CC||greeen...@gmail.com
 Resolution|FIXED   |---

--- Comment #17 from greenify  ---
(wrongly closed)

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-24 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

github-bugzi...@puremagic.com changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-24 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #16 from github-bugzi...@puremagic.com ---
Commits pushed to newCTFE at https://github.com/dlang/phobos

https://github.com/dlang/phobos/commit/882a1fb8f62b872f3463e9fca2b2e1e04d36effb
Fix issue #8471 - allow only pointers as readf parameters

https://github.com/dlang/phobos/commit/0059fc3263b9ebd62ef7c6c7b3eed4b20f313364
Merge pull request #5076 from byebye/issue_8471

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-05 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

Jakub Łabaj  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|FIXED   |---

--- Comment #15 from Jakub Łabaj  ---
It's not fixed yet, my commit doesn't really make readf @safe/@trusted (sorry
for the mess).

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-01 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

github-bugzi...@puremagic.com changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--

[Issue 8471] std.stdio.readf should be @trusted

2017-02-01 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #14 from github-bugzi...@puremagic.com ---
Commits pushed to master at https://github.com/dlang/phobos

https://github.com/dlang/phobos/commit/882a1fb8f62b872f3463e9fca2b2e1e04d36effb
Fix issue #8471 - allow only pointers as readf parameters

https://github.com/dlang/phobos/commit/0059fc3263b9ebd62ef7c6c7b3eed4b20f313364
Merge pull request #5076 from byebye/issue_8471

Fix issue #8471 - allow only pointers as readf parameters

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-30 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #13 from Jakub Łabaj  ---
I understand now, thanks!

You can find my profile here: https://github.com/byebye. I've create a simple
PR:  https://github.com/dlang/phobos/pull/5040 for similar issue involving
formattedRead, where I was wondering if I should restrict arguments to
pointers. So it seems the solution would be exactly the same in both cases.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-30 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #12 from Andrei Alexandrescu  ---
@Jakub, what's your github id? thx!

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-30 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #11 from Andrei Alexandrescu  ---
Oh, sorry. The idea is to leave readf unqualified and let the compiler infer
whether it's safe or not.

In this particular case I see there's a simple solution - just add a constraint
to it making sure all parameters are pointers. Something like:

uint readf(Data...)(in char[] format, Data data)
if (allSatisfy!(isPointer, Data);

Then the only way to call readf is with pointers, which eliminates the
possibility of shenanigans.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-30 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #10 from Jakub Łabaj  ---
I know how to create PRs, I've already created some. What I mean is I'm not
sure how you see the solution, e.g. '@safe function with a small @trusted
core', could elaborate on this, please?

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-30 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #9 from Andrei Alexandrescu  ---
(In reply to Jakub Łabaj from comment #8)
> Sorry, I'm not sure what you mean by that - what are the next steps to do
> here?

I think Razvan Nitu has reached out to you on how to go about creating PRs.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-19 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #8 from Jakub Łabaj  ---
Sorry, I'm not sure what you mean by that - what are the next steps to do here?

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-19 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #7 from Andrei Alexandrescu  ---
Cool, thanks, then the bug is legit. The fix would be a @safe function with a
small @trusted core.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-18 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #6 from Jakub Łabaj  ---
Currently I see one way to break the safety, which is to not pass a real
pointer, but a structure with unary '*' overloaded:

@safe unittest
{
struct Unsafe
{
int* x;
ref int opUnary(string s)() if (s == "*")
{
int y;
// int* ptr =  // not @safe
return *x;
}
}
static int x;
static Unsafe unsafe;
unsafe.x = 
string text = "10";
formattedRead(text, "%d ", unsafe); // called by readf
assert(*unsafe.x == 10);
}

Probably I can't mess up assignment operator nor constructor, because only
builtin types are parsable (constrained by function unformatValue). So I think
making formattedRead / readf accepting only pointers to builtin types is a way
to make them @trusted.

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-17 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

--- Comment #5 from Andrei Alexandrescu  ---
(In reply to Jakub Łabaj from comment #4)
> According to Steven's blog post
> (http://dlang.org/blog/2016/09/28/how-to-write-trusted-code-in-d/) I should
> "never use @trusted on template functions that accept arbitrary types". Is
> the readf case special in this regard?

If readf calls user-defined functions (constructor, assignment) then yes that's
a problem. The smoking gun would be an unsafe unittest that passes with the
current implementation. Can you write one?

--

[Issue 8471] std.stdio.readf should be @trusted

2017-01-16 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

Jakub Łabaj  changed:

   What|Removed |Added

 CC||uaaabbj...@gmail.com

--- Comment #4 from Jakub Łabaj  ---
According to Steven's blog post
(http://dlang.org/blog/2016/09/28/how-to-write-trusted-code-in-d/) I should
"never use @trusted on template functions that accept arbitrary types". Is the
readf case special in this regard?

--

[Issue 8471] std.stdio.readf should be @trusted

2016-10-16 Thread via Digitalmars-d-bugs 
https://issues.dlang.org/show_bug.cgi?id=8471

Andrei Alexandrescu  changed:

   What|Removed |Added

   Keywords||bootcamp

--

[Issue 8471] std.stdio.readf

2012-07-30 Thread d-bugmail 
http://d.puremagic.com/issues/show_bug.cgi?id=8471


Andrei Alexandrescu and...@metalanguage.com changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 CC||and...@metalanguage.com
 Resolution||WONTFIX


--- Comment #1 from Andrei Alexandrescu and...@metalanguage.com 2012-07-30 
06:50:18 PDT ---
When readf was defined, ref didn't work with variadics. Closing because fixing
behavior now would break existing code.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
--- You are receiving this mail because: ---

[Issue 8471] std.stdio.readf

2012-07-30 Thread d-bugmail 
http://d.puremagic.com/issues/show_bug.cgi?id=8471


bearophile_h...@eml.cc changed:

   What|Removed |Added

 CC||bearophile_h...@eml.cc


--- Comment #2 from bearophile_h...@eml.cc 2012-07-30 07:01:56 PDT ---
(In reply to comment #1)
 When readf was defined, ref didn't work with variadics. Closing because fixing
 behavior now would break existing code.

Maybe a less bug prone and different named function should be added, that uses
ref...

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
--- You are receiving this mail because: ---

[Issue 8471] std.stdio.readf should be @trusted

2012-07-30 Thread d-bugmail 
http://d.puremagic.com/issues/show_bug.cgi?id=8471


Andrei Alexandrescu and...@metalanguage.com changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|WONTFIX |
Summary|std.stdio.readf |std.stdio.readf should be
   ||@trusted


--- Comment #3 from Andrei Alexandrescu and...@metalanguage.com 2012-07-30 
08:11:42 PDT ---
Actually it's not that bad - readf is not bug prone because it statically
ensures that all of its parameters are pointers. Using pointers is also safe
because readf doesn't escape them. Actually I'm reopening this with a different
title.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
--- You are receiving this mail because: ---