Issue 22215 - returning expired stack pointers in @system code allowed by spec, not by implementation
Status: RESOLVED FIXED
Alias: None
Product: D
Classification: Unclassified
Component: dlang.org
Version: D2
Hardware: All (OS: All)
Importance: P1 minor
Assignee: No Owner
Keywords: pull, safe
Reported: 2021-08-16 15:02 UTC by Ate Eskola
Modified: 2022-03-08 11:06 UTC
Description Ate Eskola 2021-08-16 15:02:41 UTC
This does not compile with -dip1000:

```d
int* f()
{ int x = 42;
  return &x;   // rejected: x lives in f's stack frame, so &x dangles once f returns
}
```

There is a workaround that compiles:

```d
int* f()
{ int x = 42;
  auto wannaBePointer = cast(size_t)&x;        // integer cast hides the address from the escape check
  return cast(typeof(return)) wannaBePointer;  // still an expired stack pointer at runtime
}
```

But according to the spec, only `@safe` code must be analyzed with -dip1000, so this workaround should not be required.
Comment 1 Dennis 2021-08-16 19:55:37 UTC
It doesn't compile without -dip1000 either, the error predates it.

> this workaround should not be required.

Intentionally returning an expired stack pointer should be a very rare occurrence; I think a workaround is warranted. However, the spec says:

> @system functions may perform any operation legal from the perspective of the language including inherently memory unsafe operations like returning pointers to expired stackframes

https://dlang.org/spec/memory-safe-d.html

So at least one has to change: the implementation, or the spec.
Comment 2 Ate Eskola 2021-08-25 17:07:57 UTC
There appear to be two bugs, one in vanilla DMD and one with -dip1000.

As Dennis said, my initial example fails to compile regardless of the compiler switches used. But there is a watered-down version of my workaround:

```d
int* f()
{ int x = 42;
  auto wannaBePointer = &x;  // plain local holding the address, no cast
  return wannaBePointer;     // accepted by vanilla DMD, rejected with -dip1000
}
```

This one compiles with vanilla DMD, but the -dip1000 bug prevents compiling it with the said flag.

The full workaround in the initial example still compiles with the flag too.
Comment 3 Dennis 2021-08-25 18:24:03 UTC
(In reply to Ate Eskola from comment #2)
> There appear to be two bugs, one in vanilla DMD and one with -dip1000.

That's right, the latter one is https://issues.dlang.org/show_bug.cgi?id=19873
Comment 4 Walter Bright 2022-02-17 07:59:27 UTC
We shouldn't fix this. It's such an easy mistake to make, with terrible consequences. Allowing the wannaBePointer workaround is good enough.

Downgraded this to 'minor'.

Probably an adjustment to the spec would be better.
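For readers who land here after hitting the same error: the point of the discussion is that the address of a local must not leave the frame it lives in, and the rejected `return &x` form is the mistake the compiler guards against. The following is an added example, not code from the issue or from the D project, showing three ways to hand a value out of a function without returning a pointer into its own stack frame. Function names are made up for illustration; it compiles with `dmd -dip1000 example.d`, and plain `dmd` rejects the commented-out `bad` function as well.

```d
// Added example (not from the issue): alternatives to returning a pointer
// into the current stack frame. Build with `dmd -dip1000 example.d`.
import std.stdio : writeln;

// Rejected by dmd with or without -dip1000: `x` lives in this frame, so
// `&x` dangles as soon as the function returns. Kept as a comment because
// it is a compile error, which is the behaviour the issue is about.
// int* bad()
// {
//     int x = 42;
//     return &x;
// }

// Alternative 1: GC heap allocation. The value's lifetime is no longer
// tied to the frame, so this is @safe even under -dip1000.
int* heapValue() @safe
{
    return new int(42);
}

// Alternative 2: return by value. The caller receives its own copy and
// no address ever escapes the function.
int byValue() @safe
{
    int x = 42;
    return x;
}

// Alternative 3: the caller supplies the storage. `return ref` tells the
// escape checker that the returned reference aliases `slot`, which outlives
// the call because the caller owns it.
ref int fillCallerStorage(return ref int slot) @safe
{
    slot = 42;
    return slot;
}

void main() @safe
{
    int* p = heapValue();
    assert(*p == 42);

    assert(byValue() == 42);

    int storage;
    fillCallerStorage(storage) = 7;  // write through the returned reference
    assert(storage == 7);

    writeln("heap: ", *p, "  by value: ", byValue(), "  caller storage: ", storage);
}
```

Each alternative keeps the function `@safe`, which is what the escape check exists to protect; the `cast(size_t)` workaround from the report is only reachable from `@system` code and gives up that guarantee.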
Comment 5 Walter Bright 2022-02-17 08:03:12 UTC
Changed it to a spec bug.
Comment 6 Dlang Bot 2022-03-07 16:33:14 UTC
@dkorpel created dlang/dlang.org pull request #3246 "Fix issue 22215 - returning expired stack pointers in `@system` code …" fixing this issue:

- Fix issue 22215 - returning expired stack pointers in `@system` code allowed by spec, not by implementation

https://github.com/dlang/dlang.org/pull/3246
Comment 7 Dlang Bot 2022-03-08 11:06:31 UTC
dlang/dlang.org pull request #3246 "Fix issue 22215 - returning expired stack pointers in `@system` code …" was merged into master:

- 0e09baaf7bb31a3eaea6fb28359d11cc8a20276f by Dennis Korpel:
  Fix issue 22215 - returning expired stack pointers in `@system` code allowed by spec, not by implementation

https://github.com/dlang/dlang.org/pull/3246