Debug/Test mode in Windows has different behavior than release modes

[tgschultz]

const std = @import("std");
const builtin = @import("builtin");
const debug = std.debug;
const warn = debug.warn;

    
const Interface = struct
{
    addFn: fn(&Interface, u32) u32,
    mulFn: fn(&Interface, u32) u32,
    
    pub fn add(self: &Interface, y: u32) u32
    {
        return self.addFn(self, y);
    }
    
    pub fn mul(self: &Interface, y: u32) u32
    {
        return self.mulFn(self, y);
    }
};

const ThingInterface = struct
{
    const safety_scissors = (builtin.mode != builtin.Mode.ReleaseFast) or builtin.is_test;
    const signature = 0xDEADBEEF;
    
    sig: comptime switch(safety_scissors)
    {
        true => u32,
        else => void,
    },
    value: u32,
    _interface: Interface,
    
    pub fn init(v: u32) ThingInterface
    {
        return ThingInterface
        {
            .sig = switch(safety_scissors)
            {
                true => signature,
                else => void{},
            },
            .value = v,
            ._interface = Interface
            {
                .addFn = add,
                .mulFn = mul,
            },
        };
    }

    pub fn interface(self: &ThingInterface) &Interface
    {
        return &self._interface;
    }
    
    fn getSelf(int: &Interface) &ThingInterface
    {
        const self = @fieldParentPtr(ThingInterface, "_interface", int);
        if(!safety_scissors) return self;
        if(self.sig != signature) @panic("Interface used outside of parent!");
        return self;
    }
    
    pub fn add(int: &Interface, y: u32) u32
    {
        const self = getSelf(int);
        return self.value + y;
    }
    
    pub fn mul(int: &Interface, y: u32) u32
    {
        const self = getSelf(int);
        return self.value * y;
    }
    
};

fn getInterfaceForThing() &Interface
{
    var ti = ThingInterface.init(8);
    return ti.interface();
}

//test "Safer interface"
pub fn main() void
{
    var thing = ThingInterface.init(10);
    var int = thing.interface();
    warn("\n");
    warn("{}\n", int.add(5));
    warn("{}\n", int.mul(3));
    
    //asserts as expected
    //var broken_int = thing._interface;
    //warn("\n");
    //warn("{}\n", broken_int.add(5));
    //warn("{}\n", broken_int.mul(3));
    
    //This should fail... but it doesn't.
    //correctly fails on linux
    //correctly fails in release-fast/safe on win32
    //succeeds in debug/test on win32
    var other_broken_int = getInterfaceForThing();
    warn("\n");
    warn("{}\n", other_broken_int.add(5));
    warn("{}\n", other_broken_int.add(3));
}

The code above should assert in the case of other_broken_int (or at least cause an OS exception), however in the case of a debug build or a test on Windows it actually works just fine.

From the behavior, I would guess that Zig is using some Windows Structure Exception Handling in debug builds to catch things like Divide By Zero, and the filters weren't set correctly causing the exception that should be thrown here to be caught and ignored, allowing execution to continue.

However, I can't seem to find any SEH related symbols being referenced in the executable, so I'm at a loss.

[tgschultz]

This is probably just down to differing stack behavior between OSs and struct size between build modes. Sometimes I get "lucky" and the stack data is still there, other times I run into a stack protector or something. For whatever reason, in this simple test case, my expectation of the stack behavior aligned with reality in the majority of cases.

Unfortunately this means that this particular safety pattern isn't very helpful.