On Sunday, 19 May 2013 at 19:15:47 UTC, Andrei Alexandrescu wrote:
> Oh, the good old "object of sufficient size". We know how to fix that.
>
>> And no, putting a null check on access of a field of sufficient offset (as proposed by Andrei) isn't enough because we have value types. Consider:
>>
>> S[BIG_NUMBER]* a;                               // may be null
>> auto s = &((*a)[SLIGHTLY_BELOW_CHECK_OFFSET]);  // address computation only, no load
>> s.fieldAccess; // may not have enough offset to trigger the null check, but still can be unsafe
>>
>> See bug reports:
>> http://d.puremagic.com/issues/show_bug.cgi?id=3677
>> http://d.puremagic.com/issues/show_bug.cgi?id=5176
>
> All of the above are variations on the "sufficiently large object" theme.
>
> Andrei

The code above never accesses a field with a sufficient offset to trigger the "sufficiently large" runtime check. Obviously, in the presented code the bug is trivial, but if the dereference occurs across several functions, this is doomed to fail.

The solutions are: prevent any conglomerate of value types from being bigger than 4kb (the protection on OSX is 4kb), or put a null check on every dereference in @safe code.
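The offset arithmetic behind this argument, as an added D example that is not code from the thread: the guard-page size, the struct `S`, the element index, the "sufficient offset" rule in `wouldBeChecked` and the helpers `effectiveOffset`, `escapesNullCheck` and `fitsInGuardPage` are all assumptions made for illustration. Every check is a `static assert`, so the program only reasons about offsets at compile time and never dereferences anything.

```d
// Added example, not code from the thread. It models the offset arithmetic
// behind the "sufficiently large object" hole: guardPage, S, index and the
// "sufficient offset" rule are assumptions made for illustration.
import std.stdio;

// Assumed guard-page size (the post cites 4kb on OSX).
enum size_t guardPage = 4096;

// Constructed value type: each element is 1004 bytes, `field` sits at offset 1000.
struct S
{
    ubyte[1000] pad;
    int field;
}

// Hypothetical compiler rule: a null check is emitted only when the static
// offset of the access (relative to the pointer being dereferenced) reaches
// the guard page.
bool wouldBeChecked(size_t staticOffset)
{
    return staticOffset >= guardPage;
}

// Byte offset of (*a)[index].field from the base pointer `a`.
size_t effectiveOffset(size_t index)
{
    return index * S.sizeof + S.field.offsetof;
}

// True when the field access through `s = &((*a)[index])` would get no null
// check (its static offset is only S.field.offsetof) yet still lands outside
// the guard page if `a` is null: exactly the situation the post describes.
bool escapesNullCheck(size_t index)
{
    return !wouldBeChecked(S.field.offsetof) && effectiveOffset(index) >= guardPage;
}

// The first mitigation from the post: reject any value-type aggregate larger
// than the guard page, so no element of it can sit beyond the protected range.
enum bool fitsInGuardPage(T) = T.sizeof < guardPage;

void main()
{
    enum size_t index = 4; // 4 * 1004 = 4016, slightly below the 4096 threshold

    static assert(S.sizeof == 1004 && S.field.offsetof == 1000);
    static assert(escapesNullCheck(index));     // the hole: no check, yet 5016 >= 4096
    static assert(fitsInGuardPage!S);           // a single S (1004 bytes) passes the size cap
    static assert(!fitsInGuardPage!(S[5]));     // but S[5] (5020 bytes) would be rejected

    writefln("s = &((*a)[%s]) is at offset %s; s.field is at offset %s; guard page ends at %s",
        index, index * S.sizeof, effectiveOffset(index), guardPage);
}
```

The two `fitsInGuardPage` asserts show why the size cap works as an alternative to checking every dereference: once no aggregate can exceed the guard page, no element address computed from a null base can land past it, so the field offset alone is enough to decide whether a check is needed.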
