digitalmars.D.bugs - [Issue 23175] New: -preview=in silently adds possible stack memory
- d-bugmail puremagic.com (48/48) Jun 09 2022 https://issues.dlang.org/show_bug.cgi?id=23175
https://issues.dlang.org/show_bug.cgi?id=23175 Issue ID: 23175 Summary: -preview=in silently adds possible stack memory escape Product: D Version: D2 Hardware: All OS: All Status: NEW Keywords: safe, spec Severity: enhancement Priority: P1 Component: dmd Assignee: nobody puremagic.com Reporter: schveiguy gmail.com In the current specification, an `in` parameter is defined as equivalent to `const`, as long as you don't use the `-preview=in` switch. Consider this existing code, written with the assumption that `in` is `const`: ```d string foo(in string s) { return s; } ``` This code is perfectly valid, does not cause memory corruption, and is functionally equivalent to: ```d string foo(const string s) { return s; } ``` However, turn on `-preview=in`, and now the function implies that the `s` parameter is `scope`. Turn dip1000/dip25 on, and now, the compiler assumes that `s` is not returned, and so it can allocate an array literal on the stack: ```d auto s = foo(['a']); // s now points to temporary stack data that is out of scope. ``` However, without the preview switches, the compiler allocates the array on the heap. This can lead to memory corruption via dangling pointers in system code, that wasn't present without the preview switches. If preview in is going to change the semantics of parameters in a way that allows the compiler to introduce memory corruption, this usage *must* be warned about, either in the current compiler, or with an enabled switch (possibly dip1000), before it is turned on by default. --
Jun 09 2022