www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 2412] New: Hole in type system: array conversion to supertypes

reply d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2412

           Summary: Hole in type system: array conversion to supertypes
           Product: D
           Version: 1.035
          Platform: PC
        OS/Version: Windows
            Status: NEW
          Keywords: accepts-invalid, spec
          Severity: major
          Priority: P2
         Component: DMD
        AssignedTo: bugzilla digitalmars.com
        ReportedBy: fraserofthenight gmail.com


Automatic conversion of an array of a subtype to an array of its supertype
creates a hole in the type system (that is, you can get an invalid type without
doing any casting). Consider the following legal D code:

module bug;

class A { }
class X : A { void hello() { } }
class Y : A { }

void main()
{
    X[] xArray = new X[1];
    A[] aArray = xArray;
    aArray[0] = new Y();
    X x = xArray[0];       // Automatic conversion of Y -> X without cast
    x.hello();             // Likely segfault
}

The solution is to require an explicit cast from X[] to A[] (that is, any
subtype array to its supertype).


-- 
Oct 10 2008
next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2412





------- Comment #1 from 2korden gmail.com  2008-10-10 05:18 -------
It was previously discussed in newsgroups and rejected as invalid, IIRC. I.e.
bug is on your side.

However, I totally agree that explicit cast is needed in this situation, as it
violates SafeD otherwise.


-- 
Oct 10 2008
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2412





------- Comment #2 from fraserofthenight gmail.com  2008-10-10 06:15 -------
IIRC, in the most recent discussion, Walter/Andrei never commented. This is a
dangerous situation because it could easily crop up in a large codebase and be
_very_ hard to track down. It's also dangerous because the user would never
know they're doing something wrong (i.e. there's no indication of danger and no
uses of "unsafe" code like direct pointer use).


-- 
Oct 10 2008
prev sibling next sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2412


schveiguy yahoo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |schveiguy yahoo.com




------- Comment #3 from schveiguy yahoo.com  2008-10-10 08:27 -------
I'd agree with this.  It is inconsistent with how a pointer to a class is
treated, which is essentially what an array of classes references is.

i.e.:

X x = new x;
A* a = &x; // fails to compile, requires cast.

Similarly, if I look at an array, it is a struct:

struct ArrayOfX
{
  X *ptr;
  uint length;
}

Casting this to:

struct ArrayOfA
{
  A *ptr;
  uint length;
}

Seems like you would theoretically have to go through the same cast as the code
I wrote above, casting an X* to an A*.

The only drawback of this is you cannot return covariant arrays, or allow a
subtype array to be used as the base type for a function call.  I would guess
this is a rare requirement.

One thing that should probably be allowed though in D2 is implicitly casting to
a const(A)[].  This would prevent such mistakes as you have outlined.  You can
still explicitly cast if needed.


-- 
Oct 10 2008
prev sibling parent d-bugmail puremagic.com writes:
http://d.puremagic.com/issues/show_bug.cgi?id=2412


terranium yandex.ru changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE




------- Comment #4 from terranium yandex.ru  2008-10-10 09:04 -------


*** This bug has been marked as a duplicate of 2095 ***


-- 
Oct 10 2008