Bug 15399 – unaligned pointers are not @safe

This @safe program produces dangling GC pointers by storing the only references to them in an unaligned struct field: //////////////////////////////// test.d //////////////////////////////// @safe: struct Victim { bool alive = true; ~this() { alive = false; } } align(1) struct Unaligned { align(1): ubyte filler; Victim* p; } pragma(msg, Unaligned.sizeof); void main() { enum N = 100; Unaligned[N] hosts; foreach (n; 0..N) { hosts[n].p = new Victim; assert(hosts[n].p.alive); } // Unaligned.p is invisible to the GC due to alignment void trustedCollect() @trusted { import core.memory; GC.collect(); } trustedCollect(); foreach (n; 0..N) assert(hosts[n].p.alive); // Dangling pointer! } ////////////////////////////////////////////////////////////////////////

One option is to ban unaligned pointer members altogether. It could still be done by casting to size_t, so I don't think we'd be losing much.

Commits pushed to master at https://github.com/dlang/dmd https://github.com/dlang/dmd/commit/a294c6e774fb2d0b40b453f2ff9896b7f99e027f fix Issue 15399 - unaligned pointers are not @safe https://github.com/dlang/dmd/commit/077a2d729149945ca7fc704423bdb3c9fca3ab50 Merge pull request #5852 from WalterBright/fix15399 fix Issue 15399 - unaligned pointers are not @safe

Commits pushed to stable at https://github.com/dlang/dmd https://github.com/dlang/dmd/commit/a294c6e774fb2d0b40b453f2ff9896b7f99e027f fix Issue 15399 - unaligned pointers are not @safe https://github.com/dlang/dmd/commit/077a2d729149945ca7fc704423bdb3c9fca3ab50 Merge pull request #5852 from WalterBright/fix15399

Reopening because these very slight variations are still accepted: 1) hosts[n] = Unaligned(0, new Victim); 2) Unaligned u = { p: new Victim }; hosts[n] = u;

(In reply to ag0aep6g from comment #5) > Reopening because these very slight variations are still accepted: > > 1) hosts[n] = Unaligned(0, new Victim); > 2) Unaligned u = { p: new Victim }; hosts[n] = u; I don't know what that means. Can you please post a complete example?

(In reply to Walter Bright from comment #6) > (In reply to ag0aep6g from comment #5) > > Reopening because these very slight variations are still accepted: > > > > 1) hosts[n] = Unaligned(0, new Victim); > > 2) Unaligned u = { p: new Victim }; hosts[n] = u; > > I don't know what that means. Can you please post a complete example? //////////////////////////////// test.d //////////////////////////////// @safe: struct Victim { bool alive = true; ~this() { alive = false; } } align(1) struct Unaligned { align(1): ubyte filler; Victim* p; } pragma(msg, Unaligned.sizeof); void main() { enum N = 100; Unaligned[N] hosts; foreach (n; 0..N) { version (original) hosts[n].p = new Victim; else version (variation1) hosts[n] = Unaligned(0, new Victim); else version (variation2) { Unaligned u = { p: new Victim }; hosts[n] = u; } else static assert(false); assert(hosts[n].p.alive); } // Unaligned.p is invisible to the GC due to alignment void trustedCollect() @trusted { import core.memory; GC.collect(); } trustedCollect(); foreach (n; 0..N) assert(hosts[n].p.alive); // Dangling pointer! } //////////////////////////////////////////////////////////////////////// These should all fail with the same error: dmd -version=original test.d dmd -version=variation1 test.d dmd -version=variation2 test.d The different versions effectively do the same thing, just with different syntax.

(In reply to ag0aep6g from comment #5) > Reopening because these very slight variations are still accepted: Since the original bug was fixed, I'd prefer opening new bugs for new problems, not reopening fixed bugs with variations.

Closed and new bug created for variations: https://issues.dlang.org/show_bug.cgi?id=18597