• d-bugmail puremagic.com (44/44) Dec 04 2021 https://issues.dlang.org/show_bug.cgi?id=22569

d-bugmail puremagic.com writes:

https://issues.dlang.org/show_bug.cgi?id=22569

          Issue ID: 22569
           Summary: emplace silently escapes  safe
           Product: D
           Version: D2
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: druntime
          Assignee: nobody puremagic.com
          Reporter: stanislav.blinov gmail.com

void* global;

 safe void main()
{
    import core.lifetime : emplace;
    int local;
    emplace(&global, &local); // this compiles, even with dip1000
    global = &local; // this does not, as well it shouldn't
}

---

A more generic example:

struct Escapist
{
    void* p;
    this()(return scope void* p) { this.p = p; }
}

Escapist escape;

 safe void main()
{
    int value;
    import core.lifetime : emplace;
    emplace(&escape, &value); // compiles
    escape.__ctor(&value); // does not compile
}

---

Problem is, `emplace` is supposed to initialize the uninitialized, and with
current rules there doesn't seem to be a way to make it infer correctly when
pointers are involved. You can make a version that takes a generator (i.e. a
lazy or a scope delegate), but you do need a cast to call the target ctor, and
that cast, having to be lowered from  safe to  trusted, loses lifetime
information.

--