https://issues.dlang.org/show_bug.cgi?id=24098

          Issue ID: 24098
           Summary: Safe variable can be initialized from `@system` static
                    constructor.
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: accepts-invalid, safe, spec
          Severity: normal
          Priority: P3
         Component: dmd
          Assignee: nob...@puremagic.com
          Reporter: timon.g...@gmx.ch

DMD 2.105.0:

```d
int* x;
@system static this(){
    x=cast(int*)0xDEADBEEF;
}
void main()@safe{
    import std.stdio;
    writeln(*x);
}
```

From the language specification:

---
When it is only called with safe values and safe aliasing, a function has a
safe interface when:

   1. it cannot exhibit undefined behavior, and
   2. it cannot create unsafe values that are accessible from other parts of
the program (e.g., via return values, global variables, or ref parameters), and
   3. it cannot introduce unsafe aliasing that is accessible from other parts
of the program.

Functions that meet these requirements may be @safe or @trusted. Functions that
do not meet these requirements can only be @system.
---

Clearly the main function does not meet requirement 2., yet is annotated
`@safe` and compiles.

Fixing this may require some thinking about language design. One option is to
require `static this` to be `@trusted` instead of `@system` when it attempts to
initialize a non-`@system` variable.
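Two source-level ways to keep `@safe` code from ever observing a forged pointer produced by a static constructor, as an added example that is not part of the report: the variable names and the `42` value are chosen here, and the second variant depends on DMD's `-preview=systemVariables` switch (DIP 1035), which rejects `@safe` access to variables annotated `@system`.

```d
// Added example, not the reporter's code.
import std.stdio;

// Option A: the static constructor carries @trusted, so it takes on the
// obligation to establish a genuinely valid pointer instead of a forged one.
int* trustedPtr;

@trusted static this()
{
    trustedPtr = new int(42); // GC-allocated, valid for the program's lifetime
}

// Option B (needs `dmd -preview=systemVariables`): mark the variable itself
// @system so that @safe code cannot read or write it at all; the unsafe value
// then stays confined to @system code, satisfying requirement 2 of the spec.
@system int* systemPtr;

@system static this()
{
    systemPtr = cast(int*) 0xDEADBEEF; // only @system code may touch systemPtr
}

void main() @safe
{
    writeln(*trustedPtr);   // prints 42: pointer was established by @trusted code
    // writeln(*systemPtr); // rejected with -preview=systemVariables:
                            // @safe code cannot access a @system variable
}
```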
