Merge pull request #2990 from WalterBright/safeInvariant

RazvanN7 · web-flow · commit 856daab7b53f · 2021-04-12T13:45:49.000+08:00
add @safe restrictions on types with invariants
diff --git a/spec/declaration.dd b/spec/declaration.dd
@@ -467,14 +467,27 @@ $(GNAME VoidInitializer):
         used before it is set, undefined program behavior will result.
         )
 
-        $(UNDEFINED_BEHAVIOR If a void initialized variable's value is
-        used before it is set, the behavior is undefined.
+        $(IMPLEMENTATION_DEFINED If a void initialized variable's value is
+        used before it is set, its value is implementation defined.
 
         ---
-        void foo()
+        void bad()
         {
             int x = void;
-            writeln(x);  // will print garbage
+            writeln(x);  // print implementation defined value
+        }
+        ---
+        )
+
+        $(UNDEFINED_BEHAVIOR If a void initialized variable's value is
+        used before it is set, and the value is a reference, pointer or an instance
+        of a struct with an invariant, the behavior is undefined.
+
+        ---
+        void muchWorse()
+        {
+            char[] p = void;
+            writeln(p);  // may result in apocalypse
         }
         ---
         )
diff --git a/spec/function.dd b/spec/function.dd
@@ -3233,6 +3233,8 @@ $(H3 $(LNAME2 safe-functions, Safe Functions))
         $(LI No pointer arithmetic (including pointer indexing).)
         $(LI Cannot access unions that have pointers or references overlapping
         with other types.)
+        $(LI Cannot access unions that have fields with invariants overlapping
+        with other types.)
         $(LI Calling any $(RELATIVE_LINK2 system-functions, System Functions).)
         $(LI No catching of exceptions that are not derived from
         $(LINK2 https://dlang.org/phobos/object.html#.Exception, $(D class Exception)).)
@@ -3244,6 +3246,7 @@ $(H3 $(LNAME2 safe-functions, Safe Functions))
         $(LI Cannot access $(D __gshared) variables.)
         $(LI Cannot use $(D void) initializers for pointers.)
         $(LI Cannot use $(D void) initializers for class or interface references.)
+        $(LI Cannot use $(D void) initializers for types that have invariants.)
         )
 
         $(P When indexing or slicing an array, an out of bounds access
