← Back to index | Original Bugzilla link

Bug 10376 – Mutable field initializer reference is accessible through immutable aggregate

Status: NEW
Severity: major
Priority: P2
Component: dmd
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2013-06-16T04:36:52Z
Last change time: 2024-12-13T18:08:19Z
Keywords: pull, safe
Assigned to: No Owner
Creator: timon.gehr
See also: https://issues.dlang.org/show_bug.cgi?id=2947

Comments

Comment #0 by timon.gehr — 2013-06-16T04:36:52Z

DMD 2.063: class C{ int[] x=[1,2,3]; } void main(){ auto c = new immutable(C)(); auto d = new C(); static assert(is(typeof(c.x[0])==immutable)); assert(c.x[0]==1); d.x[0]=2; assert(c.x[0]==2); }

Comment #1 by timon.gehr — 2013-06-16T04:39:37Z

This could be fixed by having two versions of C.x, one in the writable and one in the non-writable data segment.

Comment #2 by peter.alexander.au — 2013-06-16T07:27:41Z

Surely the bigger bug here is that they share the same array, regardless of mutability? I would expect each instance of C to default with a new array.

Comment #3 by timon.gehr — 2013-06-16T10:49:40Z

(In reply to comment #2) > Surely the bigger bug here is that they share the same array, regardless of > mutability? There is in fact an issue related to this: http://d.puremagic.com/issues/show_bug.cgi?id=2947 If it is valid, then this can be treated as a duplicate, but the spec is silent about it. OTOH, the spec states that immutable memory does not change during its lifetime, legitimizing this report. > I would expect each instance of C to default with a new array. Currently, there is one static init block that is blitted over the class memory before the constructor is called. What you suggest would IMO be another valid way to resolve this issue.

Comment #4 by secondaryAccount — 2015-06-13T17:50:39Z

This seems to be a general problem with default initialised variables, not only arrays declared classes: http://forum.dlang.org/thread/[email protected]#post-klfhepckofdbsakmjafq:40forum.dlang.org still valid issue with 2.067.

Comment #5 by andrei — 2015-10-21T12:32:22Z

The quickest way to stop the bleeding is to disallow the code. It's incorrect for immutable data and misleading for mutable data. (What an user might expect is that each data comes with a distinct array.)

Comment #6 by issues.dlang — 2015-10-21T23:23:44Z

This should be legal if the member variable is initialized with an immutable value, since that doesn't create any holes in the type system. In fact, if it weren't for issue# 12624, SysTime would have a default value for its timezone which was immutable (with timezone being Rebindable!(immutable TimeZone) ). But of course that requires that the member variable either be immutable or something like Rebindable, immutable(T)*, or immutable(T)[] which can point/refer to an immutable value but is not itself immutable. However, it's definitely the case that this should be disallowed when the initializer is mutable, and while it _could_ work with a const initializer under some set of circumstances, it's way simpler to just disallow it.

Comment #7 by dlang-bot — 2024-03-30T18:01:00Z

@ntrel updated dlang/dmd pull request #16347 "Require @system for field initializers with mutable reference types" fixing this issue: - Require @system for field initializers with mutable reference types Enabled with -preview=unsafeFieldInit. Fixes Bugzilla 10376 - Mutable field initializer reference is accessible through immutable aggregate https://github.com/dlang/dmd/pull/16347

Comment #8 by nick — 2024-06-07T10:04:30Z

*** Issue 15612 has been marked as a duplicate of this issue. ***

Comment #9 by robert.schadek — 2024-12-13T18:08:19Z

THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/dmd/issues/18611 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB