checkedint call removal

Andrei Alexandrescu via Digitalmars-d digitalmars-d at puremagic.com
Sun Aug 3 08:16:33 PDT 2014


On 8/3/14, 8:10 AM, Walter Bright wrote:
> On 8/2/2014 1:23 PM, Andrei Alexandrescu wrote:
>> Assume we choose that, there's still murky ground:
>>
>> @system fun(int[] p) {
>>     gun(p.ptr + p.length);
>> }
>>
>> @safe gun(int* p) {
>>     if (p) *p = 42;
>> }
>>
>> This passes semantic checking but is unsafe and unsafety is in the @safe
>> code. Well, that's fine, we might say. The problem is this works against
>> our stance that "inspect @system code by hand, @safe code will take care
>> of itself". The problem is that pointers just past the end have this
>> weird property "the pointer is okay but not for dereferencing".
>
> We could establish a rule for @safe that function arguments that are
> pointers must be pointers to valid memory, not past the end.

I think that's a good stance. -- Andrei
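
Added example, not part of the original messages: a D sketch of the rule proposed above, in which the @system caller only passes gun() a pointer that lies inside the array, next to a slice-taking variant in which the @safe callee can refuse the past-the-end case itself. The names funValid and gunChecked are hypothetical.

```d
import std.stdio : writeln;

// As in the quoted message: @safe code may dereference a non-null pointer,
// so it relies on the caller having passed a pointer to valid memory.
@safe void gun(int* p)
{
    if (p) *p = 42;
}

// Hypothetical variant: a slice carries its length, so the @safe callee
// can detect the empty (past-the-end) case and use a bounds-checked write.
@safe bool gunChecked(int[] tail)
{
    if (tail.length == 0)
        return false;   // nothing valid to write to
    tail[0] = 42;       // bounds-checked access
    return true;
}

// Hypothetical @system caller that upholds the proposed rule: the pointer
// handed to @safe code always points at an element of the array.
@system bool funValid(int[] p, size_t i)
{
    if (i >= p.length)
        return false;   // p.ptr + i would be at or past the end
    gun(p.ptr + i);
    return true;
}

void main()
{
    auto a = [1, 2, 3];   // constructed sample data

    // Results are stored first so the calls still run with -release,
    // which strips assert expressions.
    bool pastEnd = funValid(a, a.length);   // the case from the message
    bool inside  = funValid(a, 2);
    bool empty   = gunChecked(a[$ .. $]);   // empty tail slice
    bool whole   = gunChecked(a[0 .. $]);

    assert(!pastEnd && inside && a[2] == 42);
    assert(!empty && whole && a[0] == 42);
    writeln(a);
}
```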


