On 10/18/2013 09:30 AM, Maxim Fomin wrote:
...
Nice collection.
// ---- Case 12. Breaking immutable via pure ---- //
import std.stdio;
import core.memory;
class A
{
int *ptr;
~this()
{
(*ptr)++;
}
}
pure foo()
{
A a = new A;
int* ptr = new int;
a.ptr = ptr;
a = null;
return ptr;
}
void main()
{
immutable int* ptr = foo();
writeln(*ptr); // 0
GC.collect();
writeln(*ptr); // 1
}
The latest bug is nice, because after 2.063 Kenji has fixed the
language, improving consistency of calling immutable/const qualified
constructors, but allowed to cast return value of pure function to
immutable because there was belief that inside purity function value
cannot escape. Such ideom was advertised several times in this
newsgroups. It appears that idea is not reliable.
It's no less of a design issue, but the main problem is actually that
class destructors are unsafe in general.
import core.memory;
class A{
int *ptr;
this(immutable int* ptr)immutable{ this.ptr = ptr; }
~this(){
(*ptr)++;
}
}
immutable y = 2;
void main(){
auto x = new immutable(A)(&y);
GC.collect();
assert(*&y==y); // fails
}
Of course, @safe implicit conversions to immutable do not simplify any
attempt to solve this, but the feature is not essential to the problem.
Probably there are other cases.
tl;dr do not take into account D' type system and safety seriously.
Your other examples are just DMD bugs afaics. (With the possible
exception of delegate context pointer memory safety, but that is a
simple fix.)
