
digitalmars.D.bugs - [Issue 19316] New: GC runtime breaks @safe

https://issues.dlang.org/show_bug.cgi?id=19316

          Issue ID: 19316
           Summary: GC runtime breaks @safe
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: druntime
          Assignee: nobody@puremagic.com
          Reporter: stanislav.blinov@gmail.com

Per @safe-ty rules, @safe functions shall not call @system functions.
Unfortunately, the GC may run finalizers during collection, even when that
collection is triggered from within a @safe function:

import std.stdio;
import core.stdc.stdio : printf; // printf is a @system C function

class C {
    ~this() // @system!
    {
        printf("Called @system function\n");
    }
}

void safeFunc() @safe {
    auto a = new int[10^^6]; // 'new' may require collection
    // do 'safe' things with 'a'
}

void main() {
    // The object is no longer referenced and will be collected; assume this
    // happened elsewhere in the program via the last reference going out of scope.
    new C;
    printf("Entering @safe function\n");
    // If this triggers collection, it effectively calls the @system C.__dtor
    // inside the @safe safeFunc.
    safeFunc();
    printf("Exited @safe function\n");
}

Output with default GC options:

Entering @safe function
Called @system function
Exited @safe function

Thus, arbitrary non-@safe code may 'escape' into a @safe context. This of course
applies to struct destructors as well.

This issue is made worse by the fact that the behavior is non-deterministic:
collection may or may not trigger depending on the GC state, and the destructor
may or may not be called depending on program state.
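As an added example (not part of the report above), one compile-time guard against this escape: annotate the destructor itself @safe, so the compiler rather than the runtime decides what the finalizer may call. The class name Guarded and the counter finalizedCount are hypothetical names chosen for the illustration.

```d
import core.stdc.stdio : printf;

// Hypothetical counter; a plain module-level (thread-local) variable is
// accessible from @safe code, unlike __gshared.
int finalizedCount;

class Guarded {
    int[] payload;

    this() @safe { payload = new int[16]; }

    // A @safe destructor may contain only @safe operations, so whatever the GC
    // runs from a @safe collection point is itself @safe by construction.
    ~this() @safe { ++finalizedCount; }

    // The report's pattern would be rejected here at compile time:
    // ~this() @safe { printf("bye\n"); } // error: cannot call @system printf
}

void safeFunc() @safe {
    auto a = new int[10^^6]; // 'new' may trigger collection, as in the report
}

void main() {
    new Guarded;             // unreferenced; eligible for collection
    safeFunc();              // any finalizer run from here is @safe
    printf("finalized so far: %d\n", finalizedCount);
}
```

This does not make the point of finalization deterministic; it only ensures that what runs there cannot be @system code.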

--
Oct 19 2018