2 * Most of the logic to implement scoped pointers and scoped references is here.
4 * Copyright: Copyright (C) 1999-2023 by The D Language Foundation, All Rights Reserved
5 * Authors: $(LINK2 https://www.digitalmars.com, Walter Bright)
6 * License: $(LINK2 https://www.boost.org/LICENSE_1_0.txt, Boost License 1.0)
7 * Source: $(LINK2 https://github.com/dlang/dmd/blob/master/src/dmd/escape.d, _escape.d)
8 * Documentation: https://dlang.org/phobos/dmd_escape.html
9 * Coverage: https://codecov.io/gh/dlang/dmd/src/master/src/dmd/escape.d
14 import core.stdc.stdio : printf;
15 import core.stdc.stdlib;
16 import core.stdc.string;
22 import dmd.declaration;
26 import dmd.expression;
30 import dmd.identifier;
35 import dmd.root.rootobject;
38 import dmd.arraytypes;
40 /// Groups global state for escape checking together
41 package(dmd) struct EscapeState
43 // Maps `sequenceNumber` of a `VarDeclaration` to an object that contains the
44 // reason it failed to infer `scope`
45 // https://issues.dlang.org/show_bug.cgi?id=23295
46 private __gshared RootObject[int] scopeInferFailure;
48 /// Called by `initDMD` / `deinitializeDMD` to reset global state
51 scopeInferFailure = null;
55 /******************************************************
56 * Checks memory objects passed to a function.
57 * Checks that if a memory object is passed by ref or by pointer,
58 * all of the refs or pointers are const, or there is only one mutable
59 * ref or pointer to it.
63 * sc = used to determine current function and module
64 * fd = function being called
66 * ethis = if not null, the `this` pointer
67 * arguments = actual arguments to function
68 * gag = do not print error messages
72 bool checkMutableArguments(Scope* sc, FuncDeclaration fd, TypeFunction tf,
73 Expression ethis, Expressions* arguments, bool gag)
76 if (log) printf("[%s] checkMutableArguments, fd: `%s`\n", fd.loc.toChars(), fd.toChars());
77 if (log && ethis) printf("ethis: `%s`\n", ethis.toChars());
80 /* Outer variable references are treated as if they are extra arguments
81 * passed by ref to the function (which they essentially are via the static link).
83 VarDeclaration[] outerVars = fd ? fd.outerVars[] : null;
85 const len = arguments.length + (ethis !is null) + outerVars.length;
92 Parameter param; // null if no Parameter for this argument
93 bool isMutable; // true if reference to mutable
96 auto escapeBy = new EscapeBy[len];
97 const paramLength = tf.parameterList.length;
99 // Fill in escapeBy[] with arguments[], ethis, and outerVars[]
100 foreach (const i, ref eb; escapeBy)
104 if (i < arguments.length)
106 arg = (*arguments)[i];
109 eb.param = tf.parameterList[i];
110 refs = eb.param.isReference();
111 eb.isMutable = eb.param.isReferenceToMutable(arg.type);
117 eb.isMutable = arg.type.isReferenceToMutable();
122 /* ethis is passed by value if a class reference,
123 * by ref if a struct value
127 auto ad = fd.isThis();
130 if (ad.isClassDeclaration())
133 eb.isMutable = arg.type.isReferenceToMutable();
137 assert(ad.isStructDeclaration());
139 eb.isMutable = arg.type.isMutable();
144 // outer variables are passed by ref
147 auto var = outerVars[i - (len - outerVars.length)];
148 eb.isMutable = var.type.isMutable();
149 eb.er.pushRef(var, false);
154 escapeByRef(arg, &eb.er);
156 escapeByValue(arg, &eb.er);
159 void checkOnePair(size_t i, ref EscapeBy eb, ref EscapeBy eb2,
160 VarDeclaration v, VarDeclaration v2, bool of)
162 if (log) printf("v2: `%s`\n", v2.toChars());
165 //printf("v %d v2 %d\n", eb.isMutable, eb2.isMutable);
166 if (!(eb.isMutable || eb2.isMutable))
169 if (!tf.islive && !(global.params.useDIP1000 == FeatureState.enabled && sc.func && sc.func.setUnsafe()))
174 // int i; funcThatEscapes(ref int i);
175 // funcThatEscapes(i); // error escaping reference _to_ `i`
176 // int* j; funcThatEscapes2(int* j);
177 // funcThatEscapes2(j); // error escaping reference _of_ `i`
178 const(char)* referenceVerb = of ? "of" : "to";
179 const(char)* msg = eb.isMutable && eb2.isMutable
180 ? "more than one mutable reference %s `%s` in arguments to `%s()`"
181 : "mutable and const references %s `%s` in arguments to `%s()`";
182 error((*arguments)[i].loc, msg,
185 fd ? fd.toPrettyChars() : "indirectly");
190 void escape(size_t i, ref EscapeBy eb, bool byval)
192 foreach (VarDeclaration v; byval ? eb.er.byvalue : eb.er.byref)
196 const(char)* by = byval ? "byval" : "byref";
197 printf("%s %s\n", by, v.toChars());
199 if (byval && !v.type.hasPointers())
201 foreach (ref eb2; escapeBy[i + 1 .. $])
203 foreach (VarDeclaration v2; byval ? eb2.er.byvalue : eb2.er.byref)
205 checkOnePair(i, eb, eb2, v, v2, byval);
210 foreach (const i, ref eb; escapeBy[0 .. $ - 1])
213 escape(i, eb, false);
219 /******************************************
220 * Array literal is going to be allocated on the GC heap.
221 * Check its elements to see if any would escape by going on the heap.
223 * sc = used to determine current function and module
224 * ae = array literal expression
225 * gag = do not print error messages
227 * `true` if any elements escaped
229 bool checkArrayLiteralEscape(Scope *sc, ArrayLiteralExp ae, bool gag)
233 errors = checkNewEscape(sc, ae.basis, gag);
234 foreach (ex; *ae.elements)
237 errors |= checkNewEscape(sc, ex, gag);
242 /******************************************
243 * Associative array literal is going to be allocated on the GC heap.
244 * Check its elements to see if any would escape by going on the heap.
246 * sc = used to determine current function and module
247 * ae = associative array literal expression
248 * gag = do not print error messages
250 * `true` if any elements escaped
252 bool checkAssocArrayLiteralEscape(Scope *sc, AssocArrayLiteralExp ae, bool gag)
255 foreach (ex; *ae.keys)
258 errors |= checkNewEscape(sc, ex, gag);
260 foreach (ex; *ae.values)
263 errors |= checkNewEscape(sc, ex, gag);
269 * A `scope` variable was assigned to non-scope parameter `v`.
270 * If applicable, print why the parameter was not inferred `scope`.
273 * printFunc = error/deprecation print function to use
274 * v = parameter that was not inferred
275 * recursionLimit = recursion limit for printing the reason
277 void printScopeFailure(E)(E printFunc, VarDeclaration v, int recursionLimit)
280 if (recursionLimit < 0 || !v)
283 if (RootObject* o = v.sequenceNumber in EscapeState.scopeInferFailure)
285 switch ((*o).dyncast())
287 case DYNCAST.expression:
288 Expression e = cast(Expression) *o;
289 printFunc(e.loc, "which is not `scope` because of `%s`", e.toChars());
291 case DYNCAST.dsymbol:
292 VarDeclaration v1 = cast(VarDeclaration) *o;
293 printFunc(v1.loc, "which is assigned to non-scope parameter `%s`", v1.toChars());
294 printScopeFailure(printFunc, v1, recursionLimit);
302 /****************************************
303 * Function parameter `par` is being initialized to `arg`,
304 * and `par` may escape.
305 * Detect if scoped values can escape this way.
306 * Print error messages when these are detected.
308 * sc = used to determine current function and module
309 * fdc = function being called, `null` if called indirectly
310 * parId = name of function parameter for error messages
311 * vPar = `VarDeclaration` corresponding to `par`
312 * parStc = storage classes of function parameter (may have added `scope` from `pure`)
313 * arg = initializer for param
314 * assertmsg = true if the parameter is the msg argument to assert(bool, msg).
315 * gag = do not print error messages
317 * `true` if pointers to the stack can escape via assignment
319 bool checkParamArgumentEscape(Scope* sc, FuncDeclaration fdc, Identifier parId, VarDeclaration vPar, STC parStc, Expression arg, bool assertmsg, bool gag)
322 if (log) printf("checkParamArgumentEscape(arg: %s par: %s)\n",
323 arg ? arg.toChars() : "null",
324 parId ? parId.toChars() : "null");
325 //printf("type = %s, %d\n", arg.type.toChars(), arg.type.hasPointers());
327 if (!arg.type.hasPointers())
332 escapeByValue(arg, &er);
334 if (parStc & STC.scope_)
336 // These errors only apply to non-scope parameters
337 // When the paraneter is `scope`, only `checkScopeVarAddr` on `er.byref` is needed
339 er.byvalue.setDim(0);
343 if (!er.byref.length && !er.byvalue.length && !er.byfunc.length && !er.byexp.length)
348 /* 'v' is assigned unsafely to 'par'
350 void unsafeAssign(string desc)(VarDeclaration v)
354 result |= sc.setUnsafeDIP1000(gag, arg.loc,
355 desc ~ " `%s` assigned to non-scope parameter calling `assert()`", v);
359 bool isThis = fdc && fdc.needThis() && fdc.vthis == vPar; // implicit `this` parameter to member function
362 (isThis) ? (desc ~ " `%s` calling non-scope member function `%s.%s()`") :
363 (fdc && parId) ? (desc ~ " `%s` assigned to non-scope parameter `%s` calling `%s`") :
364 (fdc && !parId) ? (desc ~ " `%s` assigned to non-scope anonymous parameter calling `%s`") :
365 (!fdc && parId) ? (desc ~ " `%s` assigned to non-scope parameter `%s`") :
366 (desc ~ " `%s` assigned to non-scope anonymous parameter");
369 sc.setUnsafeDIP1000(gag, arg.loc, msg, arg, fdc.toParent2(), fdc) :
370 sc.setUnsafeDIP1000(gag, arg.loc, msg, v, parId ? parId : fdc, fdc))
373 printScopeFailure(previewSupplementalFunc(sc.isDeprecated(), global.params.useDIP1000), vPar, 10);
377 foreach (VarDeclaration v; er.byvalue)
379 if (log) printf("byvalue %s\n", v.toChars());
383 Dsymbol p = v.toParent2();
385 notMaybeScope(v, vPar);
389 unsafeAssign!"scope variable"(v);
391 else if (v.isTypesafeVariadicArray && p == sc.func)
393 unsafeAssign!"variadic variable"(v);
397 foreach (VarDeclaration v; er.byref)
399 if (log) printf("byref %s\n", v.toChars());
403 Dsymbol p = v.toParent2();
405 notMaybeScope(v, arg);
406 if (checkScopeVarAddr(v, arg, sc, gag))
412 if (p == sc.func && !(parStc & STC.scope_))
414 unsafeAssign!"reference to local variable"(v);
419 foreach (FuncDeclaration fd; er.byfunc)
421 //printf("fd = %s, %d\n", fd.toChars(), fd.tookAddressOf);
422 VarDeclarations vars;
423 findAllOuterAccessedVariables(fd, &vars);
427 //printf("v = %s\n", v.toChars());
428 assert(!v.isDataseg()); // these are not put in the closureVars[]
430 Dsymbol p = v.toParent2();
432 notMaybeScope(v, arg);
434 if ((v.isReference() || v.isScope()) && p == sc.func)
436 unsafeAssign!"reference to local"(v);
445 foreach (Expression ee; er.byexp)
447 const(char)* msg = parId ?
448 "reference to stack allocated value returned by `%s` assigned to non-scope parameter `%s`" :
449 "reference to stack allocated value returned by `%s` assigned to non-scope anonymous parameter";
451 result |= sc.setUnsafeDIP1000(gag, ee.loc, msg, ee, parId);
457 /*****************************************************
458 * Function argument initializes a `return` parameter,
459 * and that parameter gets assigned to `firstArg`.
460 * Essentially, treat as `firstArg = arg;`
462 * sc = used to determine current function and module
463 * firstArg = `ref` argument through which `arg` may be assigned
464 * arg = initializer for parameter
465 * param = parameter declaration corresponding to `arg`
466 * gag = do not print error messages
468 * `true` if assignment to `firstArg` would cause an error
470 bool checkParamArgumentReturn(Scope* sc, Expression firstArg, Expression arg, Parameter param, bool gag)
473 if (log) printf("checkParamArgumentReturn(firstArg: %s arg: %s)\n",
474 firstArg.toChars(), arg.toChars());
475 //printf("type = %s, %d\n", arg.type.toChars(), arg.type.hasPointers());
477 if (!(param.storageClass & STC.return_))
480 if (!arg.type.hasPointers() && !param.isReference())
483 // `byRef` needed for `assign(ref int* x, ref int i) {x = &i};`
484 // Note: taking address of scope pointer is not allowed
485 // `assign(ref int** x, return ref scope int* i) {x = &i};`
486 // Thus no return ref/return scope ambiguity here
487 const byRef = param.isReference() && !(param.storageClass & STC.scope_)
488 && !(param.storageClass & STC.returnScope); // fixme: it's possible to infer returnScope without scope with vaIsFirstRef
490 auto e = new AssignExp(arg.loc, firstArg, arg);
491 return checkAssignEscape(sc, e, gag, byRef);
494 /*****************************************************
495 * Check struct constructor of the form `s.this(args)`, by
496 * checking each `return` parameter to see if it gets
499 * sc = used to determine current function and module
500 * ce = constructor call of the form `s.this(args)`
501 * gag = do not print error messages
503 * `true` if construction would cause an escaping reference error
505 bool checkConstructorEscape(Scope* sc, CallExp ce, bool gag)
508 if (log) printf("checkConstructorEscape(%s, %s)\n", ce.toChars(), ce.type.toChars());
509 Type tthis = ce.type.toBasetype();
510 assert(tthis.ty == Tstruct);
511 if (!tthis.hasPointers())
514 if (!ce.arguments && ce.arguments.length)
517 DotVarExp dve = ce.e1.isDotVarExp();
518 CtorDeclaration ctor = dve.var.isCtorDeclaration();
519 TypeFunction tf = ctor.type.isTypeFunction();
521 const nparams = tf.parameterList.length;
522 const n = ce.arguments.length;
524 // j=1 if _arguments[] is first argument
525 const j = tf.isDstyleVariadic();
527 /* Attempt to assign each `return` arg to the `this` reference
529 foreach (const i; 0 .. n)
531 Expression arg = (*ce.arguments)[i];
532 //printf("\targ[%d]: %s\n", i, arg.toChars());
534 if (i - j < nparams && i >= j)
536 Parameter p = tf.parameterList[i - j];
537 if (checkParamArgumentReturn(sc, dve.e1, arg, p, gag))
545 /// How a `return` parameter escapes its pointer value
548 returnVal, /// through return statement: `return x`
549 this_, /// assigned to a struct instance: `this.x = x`
550 firstArg, /// assigned to first argument: `firstArg = x`
553 /****************************************
554 * Find out if instead of returning a `return` parameter via a return statement,
555 * it is returned via assignment to either `this` or the first parameter.
557 * This works the same as returning the value via a return statement.
558 * Although the first argument must be `ref`, it is not regarded as returning by `ref`.
560 * See_Also: https://dlang.org.spec/function.html#return-ref-parameters
564 * tthis = type of `this` parameter, or `null` if none
565 * Returns: What a `return` parameter should transfer the lifetime of the argument to
567 ReturnParamDest returnParamDest(TypeFunction tf, Type tthis)
571 return ReturnParamDest.this_;
573 if (!tf.nextOf() || (tf.nextOf().ty != Tvoid))
574 return ReturnParamDest.returnVal;
576 if (tthis && tthis.toBasetype().ty == Tstruct) // class `this` is passed by value
577 return ReturnParamDest.this_;
579 if (tf.parameterList.length > 0 && tf.parameterList[0].isReference)
580 return ReturnParamDest.firstArg;
582 return ReturnParamDest.returnVal;
585 /****************************************
586 * Given an `AssignExp`, determine if the lvalue will cause
587 * the contents of the rvalue to escape.
588 * Print error messages when these are detected.
589 * Infer `scope` attribute for the lvalue where possible, in order
590 * to eliminate the error.
592 * sc = used to determine current function and module
593 * e = `AssignExp` or `CatAssignExp` to check for any pointers to the stack
594 * gag = do not print error messages
595 * byRef = set to `true` if `e1` of `e` gets assigned a reference to `e2`
597 * `true` if pointers to the stack can escape via assignment
599 bool checkAssignEscape(Scope* sc, Expression e, bool gag, bool byRef)
602 if (log) printf("checkAssignEscape(e: %s, byRef: %d)\n", e.toChars(), byRef);
603 if (e.op != EXP.assign && e.op != EXP.blit && e.op != EXP.construct &&
604 e.op != EXP.concatenateAssign && e.op != EXP.concatenateElemAssign && e.op != EXP.concatenateDcharAssign)
606 auto ae = cast(BinExp)e;
607 Expression e1 = ae.e1;
608 Expression e2 = ae.e2;
609 //printf("type = %s, %d\n", e1.type.toChars(), e1.type.hasPointers());
611 if (!e1.type.hasPointers())
616 if (VarDeclaration va = expToVariable(e1))
618 if (!va.type.toBasetype().isTypeSArray() || // treat static array slice same as a variable
619 !va.type.hasPointers())
626 /* The struct literal case can arise from the S(e2) constructor call:
628 * and appears in this function as:
629 * structLiteral = e2;
630 * Such an assignment does not necessarily remove scope-ness.
632 if (e1.isStructLiteralExp())
635 VarDeclaration va = expToVariable(e1);
639 escapeByRef(e2, &er);
641 escapeByValue(e2, &er);
643 if (!er.byref.length && !er.byvalue.length && !er.byfunc.length && !er.byexp.length)
647 if (va && e.op == EXP.concatenateElemAssign)
649 /* https://issues.dlang.org/show_bug.cgi?id=17842
650 * Draw an equivalence between:
654 * since we are not assigning to va, but are assigning indirectly through va.
659 if (va && e1.isDotVarExp() && va.type.toBasetype().isTypeClass())
661 /* https://issues.dlang.org/show_bug.cgi?id=17949
662 * Draw an equivalence between:
666 * since we are not assigning to va, but are assigning indirectly through class reference va.
671 if (log && va) printf("va: %s\n", va.toChars());
673 FuncDeclaration fd = sc.func;
676 // Determine if va is a `ref` parameter, so it has a lifetime exceding the function scope
677 const bool vaIsRef = va && va.isParameter() && va.isReference();
678 if (log && vaIsRef) printf("va is ref `%s`\n", va.toChars());
680 // Determine if va is the first parameter, through which other 'return' parameters
682 bool vaIsFirstRef = false;
685 final switch (returnParamDest(fd.type.isTypeFunction(), fd.vthis ? fd.vthis.type : null))
687 case ReturnParamDest.this_:
688 vaIsFirstRef = va == fd.vthis;
690 case ReturnParamDest.firstArg:
691 vaIsFirstRef = (*fd.parameters)[0] == va;
693 case ReturnParamDest.returnVal:
697 if (log && vaIsFirstRef) printf("va is first ref `%s`\n", va.toChars());
700 foreach (VarDeclaration v; er.byvalue)
702 if (log) printf("byvalue: %s\n", v.toChars());
709 Dsymbol p = v.toParent2();
711 if (va && !vaIsRef && !va.isScope() && !v.isScope() &&
712 !v.isTypesafeVariadicArray && !va.isTypesafeVariadicArray &&
713 (va.isParameter() && va.maybeScope && v.isParameter() && v.maybeScope) &&
716 /* Add v to va's list of dependencies
722 if (vaIsFirstRef && p == fd)
724 inferReturn(fd, v, /*returnScope:*/ true);
727 if (!(va && va.isScope()) || vaIsRef)
732 if (vaIsFirstRef && v.isParameter() && v.isReturn())
734 // va=v, where v is `return scope`
739 // If va's lifetime encloses v's, then error
740 if (EnclosedBy eb = va.enclosesLifetimeOf(v))
745 case EnclosedBy.none: assert(0);
746 case EnclosedBy.returnScope:
747 msg = "scope variable `%s` assigned to return scope `%s`";
749 case EnclosedBy.longerScope:
750 if (v.storage_class & STC.temp)
752 msg = "scope variable `%s` assigned to `%s` with longer lifetime";
754 case EnclosedBy.refVar:
755 msg = "scope variable `%s` assigned to `ref` variable `%s` with longer lifetime";
757 case EnclosedBy.global:
758 msg = "scope variable `%s` assigned to global variable `%s`";
762 if (sc.setUnsafeDIP1000(gag, ae.loc, msg, v, va))
769 // v = scope, va should be scope as well
770 const vaWasScope = va && va.isScope();
773 // In case of `scope local = returnScopeParam`, do not infer return scope for `x`
774 if (!vaWasScope && v.isReturn() && !va.isReturn())
776 if (log) printf("infer return for %s\n", va.toChars());
777 va.storage_class |= STC.return_ | STC.returninferred;
779 // Added "return scope" so don't confuse it with "return ref"
780 if (isRefReturnScope(va.storage_class))
781 va.storage_class |= STC.returnScope;
785 result |= sc.setUnsafeDIP1000(gag, ae.loc, "scope variable `%s` assigned to non-scope `%s`", v, e1);
787 else if (v.isTypesafeVariadicArray && p == fd)
791 result |= sc.setUnsafeDIP1000(gag, ae.loc, "variadic variable `%s` assigned to non-scope `%s`", v, e1);
795 /* v is not 'scope', and we didn't check the scope of where we assigned it to.
796 * It may escape via that assignment, therefore, v can never be 'scope'.
798 //printf("no infer for %s in %s, %d\n", v.toChars(), fd.ident.toChars(), __LINE__);
799 doNotInferScope(v, e);
803 foreach (VarDeclaration v; er.byref)
805 if (log) printf("byref: %s\n", v.toChars());
809 if (checkScopeVarAddr(v, ae, sc, gag))
815 if (va && va.isScope() && !v.isReference())
819 va.doNotInferReturn = true;
823 result |= sc.setUnsafeDIP1000(gag, ae.loc,
824 "address of local variable `%s` assigned to return scope `%s`", v, va);
828 Dsymbol p = v.toParent2();
830 if (vaIsFirstRef && p == fd)
832 //if (log) printf("inferring 'return' for parameter %s in function %s\n", v.toChars(), fd.toChars());
833 inferReturn(fd, v, /*returnScope:*/ false);
836 // If va's lifetime encloses v's, then error
837 if (va && !(vaIsFirstRef && v.isReturn()) && va.enclosesLifetimeOf(v))
839 if (sc.setUnsafeDIP1000(gag, ae.loc, "address of variable `%s` assigned to `%s` with longer lifetime", v, va))
846 if (!(va && va.isScope()))
854 if (v.isReturn() && !va.isReturn())
855 va.storage_class |= STC.return_ | STC.returninferred;
858 if (e1.op == EXP.structLiteral)
861 result |= sc.setUnsafeDIP1000(gag, ae.loc, "reference to local variable `%s` assigned to non-scope `%s`", v, e1);
864 foreach (FuncDeclaration func; er.byfunc)
866 if (log) printf("byfunc: %s, %d\n", func.toChars(), func.tookAddressOf);
867 VarDeclarations vars;
868 findAllOuterAccessedVariables(func, &vars);
870 /* https://issues.dlang.org/show_bug.cgi?id=16037
871 * If assigning the address of a delegate to a scope variable,
872 * then uncount that address of. This is so it won't cause a
873 * closure to be allocated.
875 if (va && va.isScope() && !va.isReturn() && func.tookAddressOf)
876 --func.tookAddressOf;
880 //printf("v = %s\n", v.toChars());
881 assert(!v.isDataseg()); // these are not put in the closureVars[]
883 Dsymbol p = v.toParent2();
885 if (!(va && va.isScope()))
888 if (!(v.isReference() || v.isScope()) || p != fd)
891 if (va && !va.isDataseg() && (va.isScope() || va.maybeScope))
893 /* Don't infer STC.scope_ for va, because then a closure
894 * won't be generated for fd.
897 //va.storage_class |= STC.scope_ | STC.scopeinferred;
900 result |= sc.setUnsafeDIP1000(gag, ae.loc,
901 "reference to local `%s` assigned to non-scope `%s` in @safe code", v, e1);
905 foreach (Expression ee; er.byexp)
907 if (log) printf("byexp: %s\n", ee.toChars());
909 /* Do not allow slicing of a static array returned by a function
911 if (ee.op == EXP.call && ee.type.toBasetype().isTypeSArray() && e1.type.toBasetype().isTypeDArray() &&
912 !(va && va.storage_class & STC.temp))
915 deprecation(ee.loc, "slice of static array temporary returned by `%s` assigned to longer lived variable `%s`",
916 ee.toChars(), e1.toChars());
921 if (ee.op == EXP.call && ee.type.toBasetype().isTypeStruct() &&
922 (!va || !(va.storage_class & STC.temp) && !va.isScope()))
924 if (sc.setUnsafeDIP1000(gag, ee.loc, "address of struct temporary returned by `%s` assigned to longer lived variable `%s`", ee, e1))
931 if (ee.op == EXP.structLiteral &&
932 (!va || !(va.storage_class & STC.temp)))
934 if (sc.setUnsafeDIP1000(gag, ee.loc, "address of struct literal `%s` assigned to longer lived variable `%s`", ee, e1))
944 result |= sc.setUnsafeDIP1000(gag, ee.loc,
945 "reference to stack allocated value returned by `%s` assigned to non-scope `%s`", ee, e1);
951 /************************************
952 * Detect cases where pointers to the stack can escape the
953 * lifetime of the stack frame when throwing `e`.
954 * Print error messages when these are detected.
956 * sc = used to determine current function and module
957 * e = expression to check for any pointers to the stack
958 * gag = do not print error messages
960 * `true` if pointers to the stack can escape
962 bool checkThrowEscape(Scope* sc, Expression e, bool gag)
964 //printf("[%s] checkThrowEscape, e = %s\n", e.loc.toChars(), e.toChars());
967 escapeByValue(e, &er);
969 if (!er.byref.length && !er.byvalue.length && !er.byexp.length)
973 foreach (VarDeclaration v; er.byvalue)
975 //printf("byvalue %s\n", v.toChars());
979 if (v.isScope() && !v.iscatchvar) // special case: allow catch var to be rethrown
980 // despite being `scope`
982 // https://issues.dlang.org/show_bug.cgi?id=17029
983 result |= sc.setUnsafeDIP1000(gag, e.loc, "scope variable `%s` may not be thrown", v);
988 notMaybeScope(v, new ThrowExp(e.loc, e));
994 /************************************
995 * Detect cases where pointers to the stack can escape the
996 * lifetime of the stack frame by being placed into a GC allocated object.
997 * Print error messages when these are detected.
999 * sc = used to determine current function and module
1000 * e = expression to check for any pointers to the stack
1001 * gag = do not print error messages
1003 * `true` if pointers to the stack can escape
1005 bool checkNewEscape(Scope* sc, Expression e, bool gag)
1007 import dmd.globals: FeatureState;
1008 import dmd.errors: previewErrorFunc;
1010 //printf("[%s] checkNewEscape, e = %s\n", e.loc.toChars(), e.toChars());
1012 if (log) printf("[%s] checkNewEscape, e: `%s`\n", e.loc.toChars(), e.toChars());
1015 escapeByValue(e, &er);
1017 if (!er.byref.length && !er.byvalue.length && !er.byexp.length)
1020 bool result = false;
1021 foreach (VarDeclaration v; er.byvalue)
1023 if (log) printf("byvalue `%s`\n", v.toChars());
1027 Dsymbol p = v.toParent2();
1032 /* This case comes up when the ReturnStatement of a __foreachbody is
1033 * checked for escapes by the caller of __foreachbody. Skip it.
1035 * struct S { static int opApply(int delegate(S*) dg); }
1037 * foreach (S* s; S) // create __foreachbody for body of foreach
1038 * return s; // s is inferred as 'scope' but incorrectly tested in foo()
1041 !(p.parent == sc.func))
1043 // https://issues.dlang.org/show_bug.cgi?id=20868
1044 result |= sc.setUnsafeDIP1000(gag, e.loc, "scope variable `%s` may not be copied into allocated memory", v);
1048 else if (v.isTypesafeVariadicArray && p == sc.func)
1050 result |= sc.setUnsafeDIP1000(gag, e.loc,
1051 "copying `%s` into allocated memory escapes a reference to variadic parameter `%s`", e, v);
1055 //printf("no infer for %s in %s, %d\n", v.toChars(), sc.func.ident.toChars(), __LINE__);
1056 notMaybeScope(v, e);
1060 foreach (VarDeclaration v; er.byref)
1062 if (log) printf("byref `%s`\n", v.toChars());
1064 // 'featureState' tells us whether to emit an error or a deprecation,
1065 // depending on the flag passed to the CLI for DIP25 / DIP1000
1066 bool escapingRef(VarDeclaration v, FeatureState fs)
1068 const(char)* msg = v.isParameter() ?
1069 "copying `%s` into allocated memory escapes a reference to parameter `%s`" :
1070 "copying `%s` into allocated memory escapes a reference to local variable `%s`";
1071 return sc.setUnsafePreview(fs, gag, e.loc, msg, e, v);
1077 Dsymbol p = v.toParent2();
1079 if (!v.isReference())
1083 result |= escapingRef(v, global.params.useDIP1000);
1088 /* Check for returning a ref variable by 'ref', but should be 'return ref'
1089 * Infer the addition of 'return', or set result to be the offending expression.
1091 if (!v.isReference())
1094 // https://dlang.org/spec/function.html#return-ref-parameters
1097 //printf("escaping reference to local ref variable %s\n", v.toChars());
1098 //printf("storage class = x%llx\n", v.storage_class);
1099 result |= escapingRef(v, global.params.useDIP25);
1102 // Don't need to be concerned if v's parent does not return a ref
1103 FuncDeclaration func = p.isFuncDeclaration();
1104 if (!func || !func.type)
1106 if (auto tf = func.type.isTypeFunction())
1111 const(char)* msg = "storing reference to outer local variable `%s` into allocated memory causes it to escape";
1114 previewErrorFunc(sc.isDeprecated(), global.params.useDIP25)(e.loc, msg, v.toChars());
1117 // If -preview=dip25 is used, the user wants an error
1118 // Otherwise, issue a deprecation
1119 result |= (global.params.useDIP25 == FeatureState.enabled);
1123 foreach (Expression ee; er.byexp)
1125 if (log) printf("byexp %s\n", ee.toChars());
1127 error(ee.loc, "storing reference to stack allocated value returned by `%s` into allocated memory causes it to escape",
1136 /************************************
1137 * Detect cases where pointers to the stack can escape the
1138 * lifetime of the stack frame by returning `e` by value.
1139 * Print error messages when these are detected.
1141 * sc = used to determine current function and module
1142 * e = expression to check for any pointers to the stack
1143 * gag = do not print error messages
1145 * `true` if pointers to the stack can escape
1147 bool checkReturnEscape(Scope* sc, Expression e, bool gag)
1149 //printf("[%s] checkReturnEscape, e: %s\n", e.loc.toChars(), e.toChars());
1150 return checkReturnEscapeImpl(sc, e, false, gag);
1153 /************************************
1154 * Detect cases where returning `e` by `ref` can result in a reference to the stack
1156 * Print error messages when these are detected.
1158 * sc = used to determine current function and module
1159 * e = expression to check
1160 * gag = do not print error messages
1162 * `true` if references to the stack can escape
1164 bool checkReturnEscapeRef(Scope* sc, Expression e, bool gag)
1168 printf("[%s] checkReturnEscapeRef, e = %s\n", e.loc.toChars(), e.toChars());
1169 printf("current function %s\n", sc.func.toChars());
1170 printf("parent2 function %s\n", sc.func.toParent2().toChars());
1173 return checkReturnEscapeImpl(sc, e, true, gag);
1176 /***************************************
1177 * Implementation of checking for escapes in return expressions.
1179 * sc = used to determine current function and module
1180 * e = expression to check
1181 * refs = `true`: escape by value, `false`: escape by `ref`
1182 * gag = do not print error messages
1184 * `true` if references to the stack can escape
1186 private bool checkReturnEscapeImpl(Scope* sc, Expression e, bool refs, bool gag)
1189 if (log) printf("[%s] checkReturnEscapeImpl, refs: %d e: `%s`\n", e.loc.toChars(), refs, e.toChars());
1193 escapeByRef(e, &er);
1195 escapeByValue(e, &er);
1197 if (!er.byref.length && !er.byvalue.length && !er.byexp.length)
1200 bool result = false;
1201 foreach (VarDeclaration v; er.byvalue)
1203 if (log) printf("byvalue `%s`\n", v.toChars());
1207 const vsr = buildScopeRef(v.storage_class);
1209 Dsymbol p = v.toParent2();
1211 if (p == sc.func && inferReturn(sc.func, v, /*returnScope:*/ true))
1218 /* If `return scope` applies to v.
1220 if (vsr == ScopeRef.ReturnScope ||
1221 vsr == ScopeRef.Ref_ReturnScope)
1226 auto pfunc = p.isFuncDeclaration();
1228 /* This case comes up when the ReturnStatement of a __foreachbody is
1229 * checked for escapes by the caller of __foreachbody. Skip it.
1231 * struct S { static int opApply(int delegate(S*) dg); }
1233 * foreach (S* s; S) // create __foreachbody for body of foreach
1234 * return s; // s is inferred as 'scope' but incorrectly tested in foo()
1237 !(!refs && p.parent == sc.func && pfunc.fes) &&
1239 * auto p(scope string s) {
1240 * string scfunc() { return s; }
1243 !(!refs && sc.func.isFuncDeclaration().getLevel(pfunc, sc.intypeof) > 0)
1246 if (v.isParameter() && !v.isReturn())
1248 // https://issues.dlang.org/show_bug.cgi?id=23191
1251 previewErrorFunc(sc.isDeprecated(), global.params.useDIP1000)(e.loc,
1252 "scope parameter `%s` may not be returned", v.toChars()
1260 // https://issues.dlang.org/show_bug.cgi?id=17029
1261 result |= sc.setUnsafeDIP1000(gag, e.loc, "scope variable `%s` may not be returned", v);
1266 else if (v.isTypesafeVariadicArray && p == sc.func)
1269 error(e.loc, "returning `%s` escapes a reference to variadic parameter `%s`", e.toChars(), v.toChars());
1274 //printf("no infer for %s in %s, %d\n", v.toChars(), sc.func.ident.toChars(), __LINE__);
1275 doNotInferScope(v, e);
1279 foreach (i, VarDeclaration v; er.byref[])
1283 printf("byref `%s` %s\n", v.toChars(), toChars(buildScopeRef(v.storage_class)));
1286 // 'featureState' tells us whether to emit an error or a deprecation,
1287 // depending on the flag passed to the CLI for DIP25
1288 void escapingRef(VarDeclaration v, FeatureState featureState)
1290 const(char)* msg = v.isParameter() ?
1291 "returning `%s` escapes a reference to parameter `%s`" :
1292 "returning `%s` escapes a reference to local variable `%s`";
1294 if (v.isParameter() && v.isReference())
1296 if (sc.setUnsafePreview(featureState, gag, e.loc, msg, e, v) ||
1297 sc.func.isSafeBypassingInference())
1300 if (v.storage_class & STC.returnScope)
1302 previewSupplementalFunc(sc.isDeprecated(), featureState)(v.loc,
1303 "perhaps change the `return scope` into `scope return`");
1307 const(char)* annotateKind = (v.ident is Id.This) ? "function" : "parameter";
1308 previewSupplementalFunc(sc.isDeprecated(), featureState)(v.loc,
1309 "perhaps annotate the %s with `return`", annotateKind);
1315 if (er.refRetRefTransition[i])
1317 result |= sc.setUnsafeDIP1000(gag, e.loc, msg, e, v);
1322 previewErrorFunc(sc.isDeprecated(), featureState)(e.loc, msg, e.toChars(), v.toChars());
1331 const vsr = buildScopeRef(v.storage_class);
1333 Dsymbol p = v.toParent2();
1335 // https://issues.dlang.org/show_bug.cgi?id=19965
1338 if (sc.func.vthis == v)
1339 notMaybeScope(v, e);
1341 if (checkScopeVarAddr(v, e, sc, gag))
1348 if (!v.isReference())
1352 escapingRef(v, FeatureState.enabled);
1355 FuncDeclaration fd = p.isFuncDeclaration();
1356 if (fd && sc.func.returnInprocess)
1360 * auto dg = () { return &x; }
1362 * auto dg = () return { return &x; }
1363 * Because dg.ptr points to x, this is returning dt.ptr+offset
1365 sc.func.storage_class |= STC.return_ | STC.returninferred;
1369 /* Check for returning a ref variable by 'ref', but should be 'return ref'
1370 * Infer the addition of 'return', or set result to be the offending expression.
1372 if ((vsr == ScopeRef.Ref ||
1373 vsr == ScopeRef.RefScope ||
1374 vsr == ScopeRef.Ref_ReturnScope) &&
1375 !(v.storage_class & STC.foreach_))
1377 if (p == sc.func && (vsr == ScopeRef.Ref || vsr == ScopeRef.RefScope) &&
1378 inferReturn(sc.func, v, /*returnScope:*/ false))
1384 // https://dlang.org/spec/function.html#return-ref-parameters
1385 // Only look for errors if in module listed on command line
1388 //printf("escaping reference to local ref variable %s\n", v.toChars());
1389 //printf("storage class = x%llx\n", v.storage_class);
1390 escapingRef(v, global.params.useDIP25);
1393 // Don't need to be concerned if v's parent does not return a ref
1394 FuncDeclaration fd = p.isFuncDeclaration();
1395 if (fd && fd.type && fd.type.ty == Tfunction)
1397 TypeFunction tf = fd.type.isTypeFunction();
1400 const(char)* msg = "escaping reference to outer local variable `%s`";
1402 previewErrorFunc(sc.isDeprecated(), global.params.useDIP25)(e.loc, msg, v.toChars());
1412 foreach (i, Expression ee; er.byexp[])
1414 if (log) printf("byexp %s\n", ee.toChars());
1415 if (er.expRetRefTransition[i])
1417 result |= sc.setUnsafeDIP1000(gag, ee.loc,
1418 "escaping reference to stack allocated value returned by `%s`", ee);
1423 error(ee.loc, "escaping reference to stack allocated value returned by `%s`", ee.toChars());
1430 /***********************************
1431 * Infer `scope` for a variable
1434 * va = variable to infer scope for
1435 * Returns: `true` if succesful or already `scope`
1437 bool inferScope(VarDeclaration va)
1441 if (!va.isDataseg() && va.maybeScope && !va.isScope())
1443 //printf("inferring scope for %s\n", va.toChars());
1444 va.maybeScope = false;
1445 va.storage_class |= STC.scope_ | STC.scopeinferred;
1448 return va.isScope();
1451 /*************************************
1452 * Variable v needs to have 'return' inferred for it.
1454 * fd = function that v is a parameter to
1455 * v = parameter that needs to be STC.return_
1456 * returnScope = infer `return scope` instead of `return ref`
1458 * Returns: whether the inference on `v` was successful or `v` already was `return`
1460 private bool inferReturn(FuncDeclaration fd, VarDeclaration v, bool returnScope)
1463 return !!(v.storage_class & STC.returnScope) == returnScope;
1465 if (!v.isParameter() || v.isTypesafeVariadicArray || (returnScope && v.doNotInferReturn))
1468 if (!fd.returnInprocess)
1471 if (returnScope && !(v.isScope() || v.maybeScope))
1474 //printf("for function '%s' inferring 'return' for variable '%s', returnScope: %d\n", fd.toChars(), v.toChars(), returnScope);
1475 auto newStcs = STC.return_ | STC.returninferred | (returnScope ? STC.returnScope : 0);
1476 v.storage_class |= newStcs;
1480 /* v is the 'this' reference, so mark the function
1482 fd.storage_class |= newStcs;
1483 if (auto tf = fd.type.isTypeFunction())
1485 //printf("'this' too %p %s\n", tf, sc.func.toChars());
1486 tf.isreturnscope = returnScope;
1488 tf.isreturninferred = true;
1493 // Perform 'return' inference on parameter
1494 if (auto tf = fd.type.isTypeFunction())
1496 foreach (i, p; tf.parameterList)
1498 if (p.ident == v.ident)
1500 p.storageClass |= newStcs;
1501 break; // there can be only one
1510 /****************************************
1511 * e is an expression to be returned by value, and that value contains pointers.
1512 * Walk e to determine which variables are possibly being
1513 * returned by value, such as:
1514 * int* function(int* p) { return p; }
1515 * If e is a form of &p, determine which variables have content
1516 * which is being returned as ref, such as:
1517 * int* function(int i) { return &i; }
1518 * Multiple variables can be inserted, because of expressions like this:
1519 * int function(bool b, int i, int* p) { return b ? &i : p; }
1524 * e = expression to be returned by value
1525 * er = where to place collected data
1526 * live = if @live semantics apply, i.e. expressions `p`, `*p`, `**p`, etc., all return `p`.
1527 * retRefTransition = if `e` is returned through a `return ref scope` function call
1529 void escapeByValue(Expression e, EscapeByResults* er, bool live = false, bool retRefTransition = false)
1531 //printf("[%s] escapeByValue, e: %s\n", e.loc.toChars(), e.toChars());
1533 void visit(Expression e)
1537 void visitAddr(AddrExp e)
1539 /* Taking the address of struct literal is normally not
1540 * allowed, but CTFE can generate one out of a new expression,
1541 * but it'll be placed in static data so no need to check it.
1543 if (e.e1.op != EXP.structLiteral)
1544 escapeByRef(e.e1, er, live, retRefTransition);
1547 void visitSymOff(SymOffExp e)
1549 VarDeclaration v = e.var.isVarDeclaration();
1551 er.pushRef(v, retRefTransition);
1554 void visitVar(VarExp e)
1556 if (auto v = e.var.isVarDeclaration())
1558 if (v.type.hasPointers() || // not tracking non-pointers
1559 v.storage_class & STC.lazy_) // lazy variables are actually pointers
1564 void visitThis(ThisExp e)
1567 er.byvalue.push(e.var);
1570 void visitPtr(PtrExp e)
1572 if (live && e.type.hasPointers())
1573 escapeByValue(e.e1, er, live, retRefTransition);
1576 void visitDotVar(DotVarExp e)
1578 auto t = e.e1.type.toBasetype();
1579 if (e.type.hasPointers() && (live || t.ty == Tstruct))
1581 escapeByValue(e.e1, er, live, retRefTransition);
1585 void visitDelegate(DelegateExp e)
1587 Type t = e.e1.type.toBasetype();
1588 if (t.ty == Tclass || t.ty == Tpointer)
1589 escapeByValue(e.e1, er, live, retRefTransition);
1591 escapeByRef(e.e1, er, live, retRefTransition);
1592 er.byfunc.push(e.func);
1595 void visitFunc(FuncExp e)
1597 if (e.fd.tok == TOK.delegate_)
1598 er.byfunc.push(e.fd);
1601 void visitTuple(TupleExp e)
1603 assert(0); // should have been lowered by now
1606 void visitArrayLiteral(ArrayLiteralExp e)
1608 Type tb = e.type.toBasetype();
1609 if (tb.ty == Tsarray || tb.ty == Tarray)
1612 escapeByValue(e.basis, er, live, retRefTransition);
1613 foreach (el; *e.elements)
1616 escapeByValue(el, er, live, retRefTransition);
1621 void visitStructLiteral(StructLiteralExp e)
1625 foreach (ex; *e.elements)
1628 escapeByValue(ex, er, live, retRefTransition);
1633 void visitNew(NewExp e)
1635 Type tb = e.newtype.toBasetype();
1636 if (tb.ty == Tstruct && !e.member && e.arguments)
1638 foreach (ex; *e.arguments)
1641 escapeByValue(ex, er, live, retRefTransition);
1646 void visitCast(CastExp e)
1648 if (!e.type.hasPointers())
1650 Type tb = e.type.toBasetype();
1651 if (tb.ty == Tarray && e.e1.type.toBasetype().ty == Tsarray)
1653 escapeByRef(e.e1, er, live, retRefTransition);
1656 escapeByValue(e.e1, er, live, retRefTransition);
1659 void visitSlice(SliceExp e)
1661 if (auto ve = e.e1.isVarExp())
1663 VarDeclaration v = ve.var.isVarDeclaration();
1664 Type tb = e.type.toBasetype();
1667 if (tb.ty == Tsarray)
1669 if (v.isTypesafeVariadicArray)
1676 Type t1b = e.e1.type.toBasetype();
1677 if (t1b.ty == Tsarray)
1679 Type tb = e.type.toBasetype();
1680 if (tb.ty != Tsarray)
1681 escapeByRef(e.e1, er, live, retRefTransition);
1684 escapeByValue(e.e1, er, live, retRefTransition);
1687 void visitIndex(IndexExp e)
1689 if (e.e1.type.toBasetype().ty == Tsarray ||
1690 live && e.type.hasPointers())
1692 escapeByValue(e.e1, er, live, retRefTransition);
1696 void visitBin(BinExp e)
1698 Type tb = e.type.toBasetype();
1699 if (tb.ty == Tpointer)
1701 escapeByValue(e.e1, er, live, retRefTransition);
1702 escapeByValue(e.e2, er, live, retRefTransition);
1706 void visitBinAssign(BinAssignExp e)
1708 escapeByValue(e.e1, er, live, retRefTransition);
1711 void visitAssign(AssignExp e)
1713 escapeByValue(e.e1, er, live, retRefTransition);
1716 void visitComma(CommaExp e)
1718 escapeByValue(e.e2, er, live, retRefTransition);
1721 void visitCond(CondExp e)
1723 escapeByValue(e.e1, er, live, retRefTransition);
1724 escapeByValue(e.e2, er, live, retRefTransition);
1727 void visitCall(CallExp e)
1729 //printf("CallExp(): %s\n", e.toChars());
1730 /* Check each argument that is
1731 * passed as 'return scope'.
1733 TypeFunction tf = e.calledFunctionType();
1734 if (!tf || !e.type.hasPointers())
1737 if (e.arguments && e.arguments.length)
1739 /* j=1 if _arguments[] is first argument,
1740 * skip it because it is not passed by ref
1742 int j = tf.isDstyleVariadic();
1743 for (size_t i = j; i < e.arguments.length; ++i)
1745 Expression arg = (*e.arguments)[i];
1746 size_t nparams = tf.parameterList.length;
1747 if (i - j < nparams && i >= j)
1749 Parameter p = tf.parameterList[i - j];
1750 const stc = tf.parameterStorageClass(null, p);
1751 ScopeRef psr = buildScopeRef(stc);
1752 if (psr == ScopeRef.ReturnScope || psr == ScopeRef.Ref_ReturnScope)
1756 /* ignore `ref` on struct constructor return because
1757 * struct S { this(return scope int* q) { this.p = q; } int* p; }
1758 * is different from:
1759 * ref char* front(return scope char** q) { return *q; }
1760 * https://github.com/dlang/dmd/pull/14869
1762 if (auto dve = e.e1.isDotVarExp())
1763 if (auto fd = dve.var.isFuncDeclaration())
1764 if (fd.isCtorDeclaration() && tf.next.toBasetype().isTypeStruct())
1766 escapeByValue(arg, er, live, retRefTransition);
1770 escapeByValue(arg, er, live, retRefTransition);
1772 else if (psr == ScopeRef.ReturnRef || psr == ScopeRef.ReturnRef_Scope)
1777 * ref P foo(return ref P p)
1781 escapeByValue(arg, er, live, retRefTransition);
1784 escapeByRef(arg, er, live, retRefTransition);
1789 // If 'this' is returned, check it too
1790 Type t1 = e.e1.type.toBasetype();
1791 if (e.e1.op == EXP.dotVariable && t1.ty == Tfunction)
1793 DotVarExp dve = e.e1.isDotVarExp();
1794 FuncDeclaration fd = dve.var.isFuncDeclaration();
1795 if (fd && fd.isThis())
1797 /* Calling a non-static member function dve.var, which is returning `this`, and with dve.e1 representing `this`
1800 /*****************************
1801 * Concoct storage class for member function's implicit `this` parameter.
1803 * fd = member function
1805 * storage class for fd's `this`
1807 StorageClass getThisStorageClass(FuncDeclaration fd)
1810 auto tf = fd.type.toBasetype().isTypeFunction();
1813 if (tf.isreturnscope)
1814 stc |= STC.returnScope | STC.scope_;
1815 auto ad = fd.isThis();
1816 if (ad.isClassDeclaration() || tf.isScopeQual)
1818 if (ad.isStructDeclaration())
1819 stc |= STC.ref_; // `this` for a struct member function is passed by `ref`
1823 const psr = buildScopeRef(getThisStorageClass(fd));
1824 if (psr == ScopeRef.ReturnScope || psr == ScopeRef.Ref_ReturnScope)
1826 if (!tf.isref || tf.isctor)
1827 escapeByValue(dve.e1, er, live, retRefTransition);
1829 else if (psr == ScopeRef.ReturnRef || psr == ScopeRef.ReturnRef_Scope)
1834 * struct S { ref S foo() return; }
1838 escapeByValue(dve.e1, er, live, retRefTransition);
1841 escapeByRef(dve.e1, er, live, psr == ScopeRef.ReturnRef_Scope);
1845 // If it's also a nested function that is 'return scope'
1846 if (fd && fd.isNested())
1848 if (tf.isreturn && tf.isScopeQual)
1849 er.pushExp(e, false);
1853 /* If returning the result of a delegate call, the .ptr
1854 * field of the delegate must be checked.
1856 if (t1.isTypeDelegate())
1859 escapeByValue(e.e1, er, live, retRefTransition);
1862 /* If it's a nested function that is 'return scope'
1864 if (auto ve = e.e1.isVarExp())
1866 FuncDeclaration fd = ve.var.isFuncDeclaration();
1867 if (fd && fd.isNested())
1869 if (tf.isreturn && tf.isScopeQual)
1870 er.pushExp(e, false);
1877 case EXP.address: return visitAddr(e.isAddrExp());
1878 case EXP.symbolOffset: return visitSymOff(e.isSymOffExp());
1879 case EXP.variable: return visitVar(e.isVarExp());
1880 case EXP.this_: return visitThis(e.isThisExp());
1881 case EXP.star: return visitPtr(e.isPtrExp());
1882 case EXP.dotVariable: return visitDotVar(e.isDotVarExp());
1883 case EXP.delegate_: return visitDelegate(e.isDelegateExp());
1884 case EXP.function_: return visitFunc(e.isFuncExp());
1885 case EXP.tuple: return visitTuple(e.isTupleExp());
1886 case EXP.arrayLiteral: return visitArrayLiteral(e.isArrayLiteralExp());
1887 case EXP.structLiteral: return visitStructLiteral(e.isStructLiteralExp());
1888 case EXP.new_: return visitNew(e.isNewExp());
1889 case EXP.cast_: return visitCast(e.isCastExp());
1890 case EXP.slice: return visitSlice(e.isSliceExp());
1891 case EXP.index: return visitIndex(e.isIndexExp());
1892 case EXP.blit: return visitAssign(e.isBlitExp());
1893 case EXP.construct: return visitAssign(e.isConstructExp());
1894 case EXP.assign: return visitAssign(e.isAssignExp());
1895 case EXP.comma: return visitComma(e.isCommaExp());
1896 case EXP.question: return visitCond(e.isCondExp());
1897 case EXP.call: return visitCall(e.isCallExp());
1899 if (auto b = e.isBinExp())
1901 if (auto ba = e.isBinAssignExp())
1902 return visitBinAssign(ba);
1908 /****************************************
1909 * e is an expression to be returned by 'ref'.
1910 * Walk e to determine which variables are possibly being
1911 * returned by ref, such as:
1912 * ref int function(int i) { return i; }
1913 * If e is a form of *p, determine which variables have content
1914 * which is being returned as ref, such as:
1915 * ref int function(int* p) { return *p; }
1916 * Multiple variables can be inserted, because of expressions like this:
1917 * ref int function(bool b, int i, int* p) { return b ? i : *p; }
1922 * e = expression to be returned by 'ref'
1923 * er = where to place collected data
1924 * live = if @live semantics apply, i.e. expressions `p`, `*p`, `**p`, etc., all return `p`.
1925 * retRefTransition = if `e` is returned through a `return ref scope` function call
1927 void escapeByRef(Expression e, EscapeByResults* er, bool live = false, bool retRefTransition = false)
1929 //printf("[%s] escapeByRef, e: %s, retRefTransition: %d\n", e.loc.toChars(), e.toChars(), retRefTransition);
1930 void visit(Expression e)
1934 void visitVar(VarExp e)
1936 auto v = e.var.isVarDeclaration();
1939 if (v.storage_class & STC.ref_ && v.storage_class & (STC.foreach_ | STC.temp) && v._init)
1941 /* If compiler generated ref temporary
1943 * look at the initializer instead
1945 if (ExpInitializer ez = v._init.isExpInitializer())
1947 if (auto ce = ez.exp.isConstructExp())
1948 escapeByRef(ce.e2, er, live, retRefTransition);
1950 escapeByRef(ez.exp, er, live, retRefTransition);
1954 er.pushRef(v, retRefTransition);
1958 void visitThis(ThisExp e)
1960 if (e.var && e.var.toParent2().isFuncDeclaration().hasDualContext())
1961 escapeByValue(e, er, live, retRefTransition);
1963 er.pushRef(e.var, retRefTransition);
1966 void visitPtr(PtrExp e)
1968 escapeByValue(e.e1, er, live, retRefTransition);
1971 void visitIndex(IndexExp e)
1973 Type tb = e.e1.type.toBasetype();
1974 if (auto ve = e.e1.isVarExp())
1976 VarDeclaration v = ve.var.isVarDeclaration();
1977 if (v && v.isTypesafeVariadicArray)
1979 er.pushRef(v, retRefTransition);
1983 if (tb.ty == Tsarray)
1985 escapeByRef(e.e1, er, live, retRefTransition);
1987 else if (tb.ty == Tarray)
1989 escapeByValue(e.e1, er, live, retRefTransition);
1993 void visitStructLiteral(StructLiteralExp e)
1997 foreach (ex; *e.elements)
2000 escapeByRef(ex, er, live, retRefTransition);
2003 er.pushExp(e, retRefTransition);
2006 void visitDotVar(DotVarExp e)
2008 Type t1b = e.e1.type.toBasetype();
2009 if (t1b.ty == Tclass)
2010 escapeByValue(e.e1, er, live, retRefTransition);
2012 escapeByRef(e.e1, er, live, retRefTransition);
2015 void visitBinAssign(BinAssignExp e)
2017 escapeByRef(e.e1, er, live, retRefTransition);
2020 void visitAssign(AssignExp e)
2022 escapeByRef(e.e1, er, live, retRefTransition);
2025 void visitComma(CommaExp e)
2027 escapeByRef(e.e2, er, live, retRefTransition);
2030 void visitCond(CondExp e)
2032 escapeByRef(e.e1, er, live, retRefTransition);
2033 escapeByRef(e.e2, er, live, retRefTransition);
2036 void visitCall(CallExp e)
2038 //printf("escapeByRef.CallExp(): %s\n", e.toChars());
2039 /* If the function returns by ref, check each argument that is
2040 * passed as 'return ref'.
2042 TypeFunction tf = e.calledFunctionType();
2047 if (e.arguments && e.arguments.length)
2049 /* j=1 if _arguments[] is first argument,
2050 * skip it because it is not passed by ref
2052 int j = tf.isDstyleVariadic();
2053 for (size_t i = j; i < e.arguments.length; ++i)
2055 Expression arg = (*e.arguments)[i];
2056 size_t nparams = tf.parameterList.length;
2057 if (i - j < nparams && i >= j)
2059 Parameter p = tf.parameterList[i - j];
2060 const stc = tf.parameterStorageClass(null, p);
2061 ScopeRef psr = buildScopeRef(stc);
2062 if (psr == ScopeRef.ReturnRef || psr == ScopeRef.ReturnRef_Scope)
2063 escapeByRef(arg, er, live, retRefTransition);
2064 else if (psr == ScopeRef.ReturnScope || psr == ScopeRef.Ref_ReturnScope)
2066 if (auto de = arg.isDelegateExp())
2068 if (de.func.isNested())
2069 er.pushExp(de, false);
2072 escapeByValue(arg, er, live, retRefTransition);
2077 // If 'this' is returned by ref, check it too
2078 Type t1 = e.e1.type.toBasetype();
2079 if (e.e1.op == EXP.dotVariable && t1.ty == Tfunction)
2081 DotVarExp dve = e.e1.isDotVarExp();
2083 // https://issues.dlang.org/show_bug.cgi?id=20149#c10
2084 if (dve.var.isCtorDeclaration())
2086 er.pushExp(e, false);
2090 StorageClass stc = dve.var.storage_class & (STC.return_ | STC.scope_ | STC.ref_);
2097 if (tf.isreturnscope)
2098 stc |= STC.returnScope;
2100 const psr = buildScopeRef(stc);
2101 if (psr == ScopeRef.ReturnRef || psr == ScopeRef.ReturnRef_Scope)
2102 escapeByRef(dve.e1, er, live, psr == ScopeRef.ReturnRef_Scope);
2103 else if (psr == ScopeRef.ReturnScope || psr == ScopeRef.Ref_ReturnScope)
2104 escapeByValue(dve.e1, er, live, retRefTransition);
2106 // If it's also a nested function that is 'return ref'
2107 if (FuncDeclaration fd = dve.var.isFuncDeclaration())
2109 if (fd.isNested() && tf.isreturn)
2111 er.pushExp(e, false);
2115 // If it's a delegate, check it too
2116 if (e.e1.op == EXP.variable && t1.ty == Tdelegate)
2118 escapeByValue(e.e1, er, live, retRefTransition);
2121 /* If it's a nested function that is 'return ref'
2123 if (auto ve = e.e1.isVarExp())
2125 FuncDeclaration fd = ve.var.isFuncDeclaration();
2126 if (fd && fd.isNested())
2129 er.pushExp(e, false);
2134 er.pushExp(e, retRefTransition);
2139 case EXP.variable: return visitVar(e.isVarExp());
2140 case EXP.this_: return visitThis(e.isThisExp());
2141 case EXP.star: return visitPtr(e.isPtrExp());
2142 case EXP.structLiteral: return visitStructLiteral(e.isStructLiteralExp());
2143 case EXP.dotVariable: return visitDotVar(e.isDotVarExp());
2144 case EXP.index: return visitIndex(e.isIndexExp());
2145 case EXP.blit: return visitAssign(e.isBlitExp());
2146 case EXP.construct: return visitAssign(e.isConstructExp());
2147 case EXP.assign: return visitAssign(e.isAssignExp());
2148 case EXP.comma: return visitComma(e.isCommaExp());
2149 case EXP.question: return visitCond(e.isCondExp());
2150 case EXP.call: return visitCall(e.isCallExp());
2152 if (auto ba = e.isBinAssignExp())
2153 return visitBinAssign(ba);
2158 /************************************
2159 * Aggregate the data collected by the escapeBy??() functions.
2161 struct EscapeByResults
2163 VarDeclarations byref; // array into which variables being returned by ref are inserted
2164 VarDeclarations byvalue; // array into which variables with values containing pointers are inserted
2165 private FuncDeclarations byfunc; // nested functions that are turned into delegates
2166 private Expressions byexp; // array into which temporaries being returned by ref are inserted
2168 import dmd.root.array: Array;
2171 * Whether the variable / expression went through a `return ref scope` function call
2173 * This is needed for the dip1000 by default transition, since the rules for
2174 * disambiguating `return scope ref` have changed. Therefore, functions in legacy code
2175 * can be mistakenly treated as `return ref` making the compiler believe stack variables
2176 * are being escaped, which is an error even in `@system` code. By keeping track of this
2177 * information, variables escaped through `return ref` can be treated as a deprecation instead
2178 * of error, see test/fail_compilation/dip1000_deprecation.d
2180 private Array!bool refRetRefTransition;
2181 private Array!bool expRetRefTransition;
2183 /** Reset arrays so the storage can be used again
2192 refRetRefTransition.setDim(0);
2193 expRetRefTransition.setDim(0);
2197 * Escape variable `v` by reference
2199 * v = variable to escape
2200 * retRefTransition = `v` is escaped through a `return ref scope` function call
2202 void pushRef(VarDeclaration v, bool retRefTransition)
2205 refRetRefTransition.push(retRefTransition);
2209 * Escape a reference to expression `e`
2211 * e = expression to escape
2212 * retRefTransition = `e` is escaped through a `return ref scope` function call
2214 void pushExp(Expression e, bool retRefTransition)
2217 expRetRefTransition.push(retRefTransition);
2221 /*************************
2222 * Find all variables accessed by this delegate that are
2223 * in functions enclosing it.
2226 * vars = array to append found variables to
2228 public void findAllOuterAccessedVariables(FuncDeclaration fd, VarDeclarations* vars)
2230 //printf("findAllOuterAccessedVariables(fd: %s)\n", fd.toChars());
2231 for (auto p = fd.parent; p; p = p.parent)
2233 auto fdp = p.isFuncDeclaration();
2237 foreach (v; fdp.closureVars)
2239 foreach (const fdv; v.nestedrefs)
2243 //printf("accessed: %s, type %s\n", v.toChars(), v.type.toChars());
2251 /***********************************
2252 * Turn off `maybeScope` for variable `v`.
2254 * This exists in order to find where `maybeScope` is getting turned off.
2257 * o = reason for it being turned off:
2258 * - `Expression` such as `throw e` or `&e`
2259 * - `VarDeclaration` of a non-scope parameter it was assigned to
2260 * - `null` for no reason
2262 private void notMaybeScope(VarDeclaration v, RootObject o)
2266 v.maybeScope = false;
2267 if (o && v.isParameter())
2268 EscapeState.scopeInferFailure[v.sequenceNumber] = o;
2272 /***********************************
2273 * Turn off `maybeScope` for variable `v` if it's not a parameter.
2275 * This is for compatibility with the old system with both `STC.maybescope` and `VarDeclaration.doNotInferScope`,
2276 * which is now just `VarDeclaration.maybeScope`.
2277 * This function should probably be removed in future refactors.
2281 * o = reason for it being turned off
2283 private void doNotInferScope(VarDeclaration v, RootObject o)
2286 notMaybeScope(v, o);
2289 /***********************************
2290 * After semantic analysis of the function body,
2291 * try to infer `scope` / `return` on the parameters
2294 * funcdecl = function declaration that was analyzed
2295 * f = final function type. `funcdecl.type` started as the 'premature type' before attribute
2296 * inference, then its inferred attributes are copied over to final type `f`
2298 void finishScopeParamInference(FuncDeclaration funcdecl, ref TypeFunction f)
2301 if (funcdecl.returnInprocess)
2303 funcdecl.returnInprocess = false;
2304 if (funcdecl.storage_class & STC.return_)
2306 if (funcdecl.type == f)
2307 f = cast(TypeFunction)f.copy();
2309 f.isreturnscope = cast(bool) (funcdecl.storage_class & STC.returnScope);
2310 if (funcdecl.storage_class & STC.returninferred)
2311 f.isreturninferred = true;
2315 if (!funcdecl.inferScope)
2317 funcdecl.inferScope = false;
2319 // Eliminate maybescope's
2321 // Create and fill array[] with maybe candidates from the `this` and the parameters
2322 VarDeclaration[10] tmp = void;
2323 size_t dim = (funcdecl.vthis !is null) + (funcdecl.parameters ? funcdecl.parameters.length : 0);
2325 import dmd.common.string : SmallBuffer;
2326 auto sb = SmallBuffer!VarDeclaration(dim, tmp[]);
2327 VarDeclaration[] array = sb[];
2331 array[n++] = funcdecl.vthis;
2332 if (funcdecl.parameters)
2334 foreach (v; *funcdecl.parameters)
2339 eliminateMaybeScopes(array[0 .. n]);
2343 if (funcdecl.parameters && !funcdecl.errors)
2345 assert(f.parameterList.length == funcdecl.parameters.length);
2346 foreach (u, p; f.parameterList)
2348 auto v = (*funcdecl.parameters)[u];
2349 if (!v.isScope() && v.type.hasPointers() && inferScope(v))
2351 //printf("Inferring scope for %s\n", v.toChars());
2352 p.storageClass |= STC.scope_ | STC.scopeinferred;
2359 inferScope(funcdecl.vthis);
2360 f.isScopeQual = funcdecl.vthis.isScope();
2361 f.isscopeinferred = !!(funcdecl.vthis.storage_class & STC.scopeinferred);
2365 /**********************************************
2366 * Have some variables that are maybescopes that were
2367 * assigned values from other maybescope variables.
2368 * Now that semantic analysis of the function is
2369 * complete, we can finalize this by turning off
2370 * maybescope for array elements that cannot be scope.
2372 * $(TABLE2 Scope Table,
2373 * $(THEAD `va`, `v`, =>, `va` , `v` )
2374 * $(TROW maybe, maybe, =>, scope, scope)
2375 * $(TROW scope, scope, =>, scope, scope)
2376 * $(TROW scope, maybe, =>, scope, scope)
2377 * $(TROW maybe, scope, =>, scope, scope)
2378 * $(TROW - , - , =>, - , - )
2379 * $(TROW - , maybe, =>, - , - )
2380 * $(TROW - , scope, =>, error, error)
2381 * $(TROW maybe, - , =>, scope, - )
2382 * $(TROW scope, - , =>, scope, - )
2385 * array = array of variables that were assigned to from maybescope variables
2387 private void eliminateMaybeScopes(VarDeclaration[] array)
2390 if (log) printf("eliminateMaybeScopes()\n");
2397 if (log) printf(" va = %s\n", va.toChars());
2398 if (!(va.maybeScope || va.isScope()))
2402 foreach (v; *va.maybes)
2404 if (log) printf(" v = %s\n", v.toChars());
2407 // v cannot be scope since it is assigned to a non-scope va
2408 notMaybeScope(v, va);
2409 if (!v.isReference())
2410 v.storage_class &= ~(STC.return_ | STC.returninferred);
2420 /************************************************
2421 * Is type a reference to a mutable value?
2423 * This is used to determine if an argument that does not have a corresponding
2424 * Parameter, i.e. a variadic argument, is a pointer to mutable data.
2426 * t = type of the argument
2428 * true if it's a pointer (or reference) to mutable data
2430 bool isReferenceToMutable(Type t)
2434 if (!t.isMutable() ||
2441 if (t.nextOf().isTypeFunction())
2448 if (t.nextOf().isMutable())
2453 return true; // even if the class fields are not mutable
2456 // Have to look at each field
2457 foreach (VarDeclaration v; t.isTypeStruct().sym.fields)
2459 if (v.storage_class & STC.ref_)
2461 if (v.type.isMutable())
2464 else if (v.type.isReferenceToMutable())
2478 /****************************************
2479 * Is parameter a reference to a mutable value?
2481 * This is used if an argument has a corresponding Parameter.
2482 * The argument type is necessary if the Parameter is inout.
2484 * p = Parameter to check
2485 * t = type of corresponding argument
2487 * true if it's a pointer (or reference) to mutable data
2489 bool isReferenceToMutable(Parameter p, Type t)
2491 if (p.isReference())
2493 if (p.type.isConst() || p.type.isImmutable())
2495 if (p.type.isWild())
2497 return t.isMutable();
2499 return p.type.isMutable();
2501 return isReferenceToMutable(p.type);
2504 /// When checking lifetime for assignment `va=v`, the way `va` encloses `v`
2505 private enum EnclosedBy
2508 refVar, // `va` is a `ref` variable, which may link to a global variable
2509 global, // `va` is a global variable
2510 returnScope, // `va` is a scope variable that may be returned
2511 longerScope, // `va` is another scope variable declared earlier than `v`
2514 /**********************************
2515 * Determine if `va` has a lifetime that lasts past
2516 * the destruction of `v`
2518 * va = variable assigned to
2519 * v = variable being assigned
2521 * The way `va` encloses `v` (if any)
2523 private EnclosedBy enclosesLifetimeOf(VarDeclaration va, VarDeclaration v)
2526 return EnclosedBy.none;
2529 return EnclosedBy.global;
2531 if (va.isScope() && va.isReturn() && !v.isReturn())
2532 return EnclosedBy.returnScope;
2534 if (va.isReference() && va.isParameter())
2535 return EnclosedBy.refVar;
2537 assert(va.sequenceNumber != va.sequenceNumber.init);
2538 assert(v.sequenceNumber != v.sequenceNumber.init);
2539 if (va.sequenceNumber < v.sequenceNumber)
2540 return EnclosedBy.longerScope;
2542 return EnclosedBy.none;
2545 /***************************************
2546 * Add variable `v` to maybes[]
2548 * When a maybescope variable `v` is assigned to a maybescope variable `va`,
2549 * we cannot determine if `this` is actually scope until the semantic
2550 * analysis for the function is completed. Thus, we save the data
2553 * v = a variable with `maybeScope == true` that was assigned to `this`
2555 private void addMaybe(VarDeclaration va, VarDeclaration v)
2557 //printf("add %s to %s's list of dependencies\n", v.toChars(), toChars());
2559 va.maybes = new VarDeclarations();
2563 // `setUnsafePreview` partially evaluated for dip1000
2564 bool setUnsafeDIP1000(Scope* sc, bool gag, Loc loc, const(char)* msg,
2565 RootObject arg0 = null, RootObject arg1 = null, RootObject arg2 = null)
2567 return setUnsafePreview(sc, global.params.useDIP1000, gag, loc, msg, arg0, arg1, arg2);
2570 /***************************************
2571 * Check that taking the address of `v` is `@safe`
2573 * It's not possible to take the address of a scope variable, because `scope` only applies
2574 * to the top level indirection.
2577 * v = variable that a reference is created
2578 * e = expression that takes the referene
2579 * sc = used to obtain function / deprecated status
2580 * gag = don't print errors
2582 * true if taking the address of `v` is problematic because of the lack of transitive `scope`
2584 private bool checkScopeVarAddr(VarDeclaration v, Expression e, Scope* sc, bool gag)
2586 if (v.storage_class & STC.temp)
2591 notMaybeScope(v, e);
2598 // When the type after dereferencing has no pointers, it's okay.
2599 // Comes up when escaping `&someStruct.intMember` of a `scope` struct:
2600 // scope does not apply to the `int`
2601 Type t = e.type.baseElemOf();
2602 if ((t.ty == Tarray || t.ty == Tpointer) && !t.nextOf().toBasetype().hasPointers())
2605 // take address of `scope` variable not allowed, requires transitive scope
2606 return sc.setUnsafeDIP1000(gag, e.loc,
2607 "cannot take address of `scope` variable `%s` since `scope` applies to first indirection only", v);
2610 /****************************
2611 * Determine if `v` is a typesafe variadic array, which is implicitly `scope`
2613 * v = variable to check
2615 * true if `v` is a variadic parameter
2617 private bool isTypesafeVariadicArray(VarDeclaration v)
2619 if (v.storage_class & STC.variadic)
2621 Type tb = v.type.toBasetype();
2622 if (tb.ty == Tarray || tb.ty == Tsarray)