The following program compiles and runs without error. Memory corruption happens in bar() because the context for the delegate stored in globalDg never gets copied to the heap, due to the 'scope' storage class being used in call(). @safe: void delegate() globalDg; void call(scope void delegate() @safe dg) { dg(); // Don't tell anyone, but I'm saving this for later ;) globalDg = dg; } void foo() { int i; void izero() { i = 0; } call(&izero); assert (i == 0); } void bar() { int x = 123; // Simply calling some function cannot possibly // do anything to x... globalDg(); // ...or can it? assert (x == 0); } void main() { foo(); bar(); }
This now compiles & runs successfully.
The issue is that "it compiles and runs without error". (the second assertion asserts that there is memory corruption) The compiler has to either: - enforce the 'scope' storage class in @safe mode by flow-analysis. - not perform the scope delegate optimization in @safe mode. Change the second assertion to 'assert (x == 123);' to see the error.
*** Issue 13085 has been marked as a duplicate of this issue. ***
Another failing case that illustrates the problem: ------ int delegate() globDg; void func(scope int delegate() dg) { globDg = dg; // should be rejected but isn't globDg(); } void sub() { int x; func(() { return ++x; }); } void trashme() { import std.stdio; writeln(globDg()); // prints garbage } void main() { sub(); trashme(); } ------
Removing 'scope' from func's parameter fixes the problem, since the compiler will then allocate x on the heap instead of the stack.
(In reply to hsteoh from comment #4) > Another failing case that illustrates the problem: > ------ > int delegate() globDg; > > void func(scope int delegate() dg) { > globDg = dg; // should be rejected but isn't > globDg(); > } Annotating func() with @safe results in: test3.d(4): Error: scope variable dg assigned to non-scope globDg with Pull Request: https://github.com/dlang/dmd/pull/5972 This check is limited to @safe code to avoid breaking too much existing code.
(In reply to timon.gehr from comment #2) > The issue is that "it compiles and runs without error". (the second > assertion asserts that there is memory corruption) The compiler has to > either: > > - enforce the 'scope' storage class in @safe mode by flow-analysis. > - not perform the scope delegate optimization in @safe mode. > > Change the second assertion to 'assert (x == 123);' to see the error. Pull https://github.com/dlang/dmd/pull/5972 now causes: test3.d(9): Error: scope variable dg assigned to non-scope globalDg
This can be closed once 5972 is pulled.
(In reply to Walter Bright from comment #8) > This can be closed once 5972 is pulled. It was pulled.
(In reply to Walter Bright from comment #6) > This check is limited to @safe code to avoid breaking too much existing code. For the record: escaping scoped data should stay allowed is unsafe code, it's a useful pattern, the code would just respect scoping manually.