digitalmars.D - Memory corruption bug in struct dtor

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:
http://d.puremagic.com/issues/show_bug.cgi?id=9352

Seems like dtors are a minefield of hidden and dangerous bugs, due to
them not being used (and therefore tested) very often. :-/


T

-- 
Lawyer: (n.) An innocence-vending machine, the effectiveness of which
depends on how much money is inserted.
Jan 18 2013
"Adam D. Ruppe" <destructionator gmail.com> writes:
Note that upon further investigation, the problem seems to be 
more about delegates than dtors. The delegate can point to the 
wrong struct, or to locals instead of the struct... but you can 
"access" both; it compiles, but does the wrong thing.

We're talking in the bugzilla as well as here: 
https://github.com/robik/ConsoleD/issues/3
Jan 18 2013
"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:
On Fri, Jan 18, 2013 at 09:49:34PM +0100, Adam D. Ruppe wrote:
> Note that upon further investigation, the problem seems to be more
> about delegates than dtors. The delegate can point to the wrong
> struct, or to locals instead of the struct... but you can "access"
> both; it compiles, but does the wrong thing.
>
> We're talking in the bugzilla as well as here:
> https://github.com/robik/ConsoleD/issues/3

Addendum: the latest git HEAD seems to have fixed the problem of the
delegate context pointer being used for both locals and &this. But the
problem of delegates pointing to invalidated stack variables still
exists.


T

-- 
Programming is not just an act of telling a computer what to do: it is
also an act of telling other programmers what you wished the computer to
do. Both are important, and the latter deserves care. -- Andrew Morton
Jan 18 2013
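
The failure mode described in the posts above (a delegate whose context pointer no longer refers to the struct it was taken from), as an added D example that is not part of the thread and is not the test case from issue 9352. `Tracker`, `SafeTracker` and `contextIsSelf` are hypothetical names, and the struct copy in `main` is a constructed trigger; the check relies on the delegate `.ptr` property.

```d
import std.stdio;

struct Tracker                      // hypothetical name, constructed for illustration
{
    int id;
    void delegate() cb;             // a delegate is a (context pointer, function pointer) pair

    // The context pointer stored here is the address this instance has right now.
    this(int id) { this.id = id; cb = &report; }

    void report() { writeln("report from id ", id); }

    // True only while the delegate's context still points at this very instance.
    bool contextIsSelf() { return cb.ptr is cast(void*) &this; }

    ~this()
    {
        if (cb is null) return;     // default-initialised instance, nothing captured
        if (contextIsSelf())
            cb();
        else
            writeln("id ", id, ": delegate context ", cb.ptr,
                    " is not this instance (", cast(void*) &this, "), skipping call");
    }
}

// Hardened variant: store no pointer to self, pass the instance at call time.
struct SafeTracker                  // hypothetical name
{
    int id;
    void function(ref SafeTracker) cb;

    this(int id)
    {
        this.id = id;
        cb = function(ref SafeTracker self) { writeln("report from id ", self.id); };
    }

    ~this() { if (cb !is null) cb(this); }
}

void main()
{
    auto a = Tracker(1);
    Tracker b = a;                  // bitwise copy: b.cb still carries the context captured for a
    b.id = 2;                       // b's destructor reports the mismatch instead of calling through
    auto s = SafeTracker(3);
    SafeTracker t = s;              // the copy carries no hidden pointer
    t.id = 4;                       // t's destructor prints "report from id 4"
}
```
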
"Don" <don nospam.com> writes:
On Friday, 18 January 2013 at 20:14:23 UTC, H. S. Teoh wrote:
> http://d.puremagic.com/issues/show_bug.cgi?id=9352
>
> Seems like dtors are a minefield of hidden and dangerous bugs,

Yes. It's one of the worst areas. Postblit as well.

> due to
> them not being used (and therefore tested) very often. :-/

Not really. It's because it's an intrinsically difficult concept. The destructor is called at end-of-life of the struct. This means that in every possible part of the language, you have to know what the end-of-life is. So interaction with other parts of the language is inevitable, there's an explosion of special cases.

(By contrast, something like 'pure' is a very simple language feature: you just need to iterate over all the code that's marked pure, and generate an error if you find anything that isn't pure).
Jan 22 2013
"bearophile" <bearophileHUGS lycos.com> writes:
Don:

> (By contrast, something like 'pure' is a very simple language
> feature: you just need to iterate over all the code that's
> marked pure, and generate an error if you find anything that
> isn't pure).

D "pure" has required several iterations, and the design of its details is not finished yet (see Bugzilla)...

Bye,
bearophile
Jan 22 2013