introspection-based use of %instance-ref and type-checking
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
SBCL |
New
|
Undecided
|
Unassigned |
Bug Description
Uses of %INSTANCE-REF and/or its raw slot variants generally disregard DSD-SAFE-P.
Conceivably we could strengthen some of these for SAFETY 3.
The places I see at first glance:
- COPY-STRUCTURE
- PSXHASH and EQUALP
- MAYBE-EMIT-
(internal use, but essentially exposed via the observable behavior)
- DO-REFERENCED-
Example:
(defstruct person id)
(defstruct (spy (:include person (id " " :type (simple-string 2)))) gadgetry)
(let ((s (make-spy :id "86" :gadgetry '(shoe-phone))))
(setf (person-id s) "max")
(copy-structure s))
=> #S(SPY :ID "max" :GADGETRY (SHOE-PHONE))
where we know that SPY-ID on the resultant object would fail.
So ostensibly COPY-STRUCTURE has both read and written the illegal value and did not signal an error in either case. It has been this way essentially forever.
Recent change https:/
As to whether it should be an error to take an object that has been so constructed as the example above and insert it into an EQUALP hash-table, I can't see failing in (SETF GETHASH) as useful.
Is it mandated that it fail? We might never call EQUALP if no <k,v> matched on hash, and the hash function might not mix in the slot which is type-incorrect because of the depthoid cutoff.
I think though that MAYBE-EMIT-