The following code can be compiled in dmd v2.067-devel-590d4a9 but it should not. ------ import std.variant; void main() @safe { auto foo() @system { return 3; } auto v = Variant(&foo); v(); // foo is called in safe code!? } ------ Currently whole part of std.variant is marked as trusted but it should not because the safety of the functions or methods in this module depends on the components which are stored in VariantN, Algebraic etc.
Yeah, only those parts of Variant that deal with casting between types should be considered as @trusted; it's a very bad idea to make a whole big block of code @trusted when its actual semantics depends on arbitrary template parameters.
Probably the most straightforward way to fix this bug is to remove @trusted: from the top of the module, and then incrementally add @trusted around the smallest possible code units until the Phobos test suite passes.
https://github.com/D-Programming-Language/phobos/pull/3227
Commit pushed to master at https://github.com/D-Programming-Language/phobos https://github.com/D-Programming-Language/phobos/commit/38a29b2d56e91404bfe860b54b699783347b0ea5 remove "@trusted:" from std.variant It's too broad. This fixes issue 13534 - std.variant can violate memory safety.
Commit pushed to dmd-cxx at https://github.com/dlang/phobos https://github.com/dlang/phobos/commit/38a29b2d56e91404bfe860b54b699783347b0ea5 remove "@trusted:" from std.variant