Struct with default ctor (Was: [dmd-beta] dmd 2.064 beta take 2)

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Sun May 19 12:15:47 PDT 2013


On 5/19/13 3:10 PM, deadalnix wrote:
> On Sunday, 19 May 2013 at 18:46:31 UTC, Walter Bright wrote:
>>> You also never provided any convincing solution to the safety hole.
>>> We can't
>>> even add checks only on some edge cases as D also has value types.
>>> The only
>>> solution we are left with that is really safe is to null check every
>>> dereference
>>> or give up on @safe.
>>
>> Please don't make us guess what exactly you mean by this.
>
> This isn't new and I discussed that again and again.
>
> When you dereference null, you hit the first page, which is protected
> on most systems. But if you access an element with sufficient offset you
> bypass all protections provided by the type system and you are back in
> unsafe world.

Oh, the good old "object of sufficient size". We know how to fix that.

> And no, putting a null check on access of a field of sufficient offset (as
> proposed by Andrei) isn't enough because we have value types. Consider:
>
> S[BIG_NUMBER]* a;
> auto s = &(*a)[SLIGHTLY_BELLOW_CHECK_OFFSET];
> s.fieldAccess; // May not have enough offset to trigger null check, but
> still can be unsafe
>
> See bug reports:
> http://d.puremagic.com/issues/show_bug.cgi?id=3677
> http://d.puremagic.com/issues/show_bug.cgi?id=5176

All of the above are variations on the "sufficiently large object" theme.

Andrei
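
The value-type case quoted above, as an added example that is not code from the thread or from the D compiler: it compares a rule that looks only at a field's offset inside its struct with one that looks at the whole offset from the base pointer, and shows an explicit check on the base pointer. The names `S`, `Big`, `guardSize`, `touchedOffset`, `accessNeedsCheck` and `element` are hypothetical, and the 4096-byte protected region at address 0 is an assumption.

```d
import std.exception : assertThrown, enforce;

// Assumption: only the first 4096 bytes of the address space are protected.
enum size_t guardSize = 4096;

struct S { ubyte[64] pad; int field; }   // hypothetical value type
alias Big = S[100_000];                  // hypothetical large static array of S

// Byte offset from the base pointer that `(*a)[i].field` touches.
size_t touchedOffset(size_t i) pure nothrow @safe @nogc
{
    return i * S.sizeof + S.field.offsetof;
}

// Per-field rule: considers only the field's offset inside S.
enum bool fieldRuleChecks = S.field.offsetof >= guardSize;

// Whole-access rule: considers where the access lands relative to the base.
bool accessNeedsCheck(size_t i) pure nothrow @safe @nogc
{
    return touchedOffset(i) >= guardSize;
}

// Hardened form: test the base pointer before forming the interior reference,
// so the later field access never starts from a null-derived address.
ref S element(Big* a, size_t i) @safe
{
    enforce(a !is null, "null base pointer");
    return (*a)[i];   // static-array indexing is bounds-checked
}

void main()
{
    // The field sits 64 bytes into S, so the per-field rule inserts no check.
    static assert(!fieldRuleChecks);

    // Element 0 stays inside the protected region; element 1000 does not.
    assert(!accessNeedsCheck(0));
    assert(accessNeedsCheck(1000));

    // With the base-pointer check, a null base fails before any address
    // arithmetic result is dereferenced.
    Big* a = null;
    assertThrown(element(a, 1000));
}
```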

