On Monday, 22 May 2017 at 17:05:06 UTC, Stanislav Blinov wrote:
Considering that the core runtime component - the GC - is the
one that usually handles finalization, it follows that *GC
collection can never be @safe*. And since collection only
happens during allocation, it follows that allocation cannot be
@safe either. Nor can they be @trusted, because destructors are
effectively not restricted in any way.
This program, executed on my machine:
import std.stdio;
class Innocious
{
~this() @safe {}
}
class Malicious : Innocious
{
int[] data;
this() @safe
{
data = new int[1000000];
}
~this()
{
writeln(" Sure, here you go:");
writeln(" import std.random;");
writeln(" auto n = uniform(1, uint.max);");
writeln(" *(cast(int*)n) = 0xbadf00d;");
}
}
void important() @safe
{
writeln("I am working here, i'm not doing anything
dangerous...");
scope(exit) writeln("I'm good, no, I'm awesome. You can
trust me!");
writeln(" Good GC, would you kindly give me some room to
maneuver?");
int[] storage = new int[1000000];
/* do some calculations... */
}
void oblivious() @safe
{
Innocious i = new Malicious();
/* do something with i and then leave it for GC. */
}
void main()
{
oblivious();
important();
}
prints this:
I am working here, i'm not doing anything dangerous...
Good GC, would you kindly give me some room to maneuver?
Sure, here you go:
import std.random;
auto n = uniform(1, uint.max);
*(cast(int*)n) = 0xbadf00d;
I'm good, no, I'm awesome. You can trust me!