← Back to index | Original Bugzilla link

Bug 12885 – const union wrongly converts implicitly to mutable

Status: RESOLVED
Resolution: FIXED
Severity: major
Priority: P2
Component: dmd
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2014-06-09T23:36:01Z
Last change time: 2024-06-20T10:04:17Z
Keywords: accepts-invalid, pull, safe
Assigned to: No Owner
Creator: Nils
Depends on: 12883
See also: https://issues.dlang.org/show_bug.cgi?id=12883, https://issues.dlang.org/show_bug.cgi?id=19256, https://issues.dlang.org/show_bug.cgi?id=11257

Comments

Comment #0 by nilsbossung — 2014-06-09T23:36:01Z

--- union U { int i; int* p; } void main() { const U c; U m = c; } --- This has been enabled by the fix to issue 11257. I think this behaviour is not acceptable. The change has been made to "allow const(Rebindable) to Rebindable conversion". I think this should be implemented in Rebindable itself, as that's the place where we can give the guarantee not to alter the wrapped const/immutable data. alias this can be used for this once issue 12883 is fixed.

Comment #1 by nilsbossung — 2014-06-24T19:14:03Z

As issue 12883 has been closed as invalid, I don't have a plan how to go about this. Unassigning from me.

Comment #2 by default_357-line — 2018-09-21T09:04:47Z

I just ran into this. This bug breaks std.json quite badly: see https://issues.dlang.org/show_bug.cgi?id=19256 , in which const(JSONValue) implicitly converts to JSONValue, allowing us to mutate JSON objects via a const parameter. This is definitely unacceptable.

Comment #3 by code — 2018-11-01T11:38:48Z

I don't fully agree with the reasoning in issue 11257. It seems like casts could be used to bypass const checks for implementations of Rebindable et.al.

Comment #4 by bugzilla — 2018-12-16T09:55:39Z

Martin is right.

Comment #5 by bugzilla — 2018-12-16T09:58:39Z

https://github.com/dlang/dmd/pull/9061

Comment #6 by schveiguy — 2022-05-15T01:51:27Z

I just ran into this, with vibe.d Json type. Well, not a problem exactly, I just noticed I happened to be stripping const by accident, and it alarmed me that the compiler lets you get away with it. I will note that this fails: ```d union U { int *p; int i; } void main() { const U c; U m = c; } ``` I see no reason why this should fail but the other should not, the inconsistency itself is a problem. But beyond that, I will note that a struct that contains such an overlapping is convertible from const to mutable in @safe code. This in itself isn't a problem since you can't access the pointer value in @safe code. But surely if you wanted to provide access for @safe callers (like, for a tagged union, like Json), there would be trusted escapes, and those would surely not expect an implicit conversion of a const pointer to a mutable pointer.

Comment #7 by Ajieskola — 2022-05-19T07:35:16Z

As a hole in the type system that allows undefined behaviour in @safe code, I think this needs higher severity. Increasing to major.

Comment #8 by schveiguy — 2022-05-19T14:27:32Z

Also added safe tag.

Comment #9 by dlang-bot — 2024-06-17T20:11:50Z

@ntrel created dlang/dmd pull request #16594 "Fix Bugzilla 12885 - const union wrongly converts implicitly to mutable" fixing this issue: - Fix Bugzilla 12885 - const union wrongly converts implicitly to mutable https://github.com/dlang/dmd/pull/16594

Comment #10 by dlang-bot — 2024-06-20T10:04:17Z

dlang/dmd pull request #16594 "Fix Bugzilla 12885 - const union wrongly converts implicitly to mutable" was merged into master: - 7531b1ae708a478900984734aec044d4dd38379c by Nick Treleaven: Fix Bugzilla 12885 - const union wrongly converts implicitly to mutable https://github.com/dlang/dmd/pull/16594