Yet another leak in the sinking ship of @safe
Nick Treleaven via Digitalmars-d
digitalmars-d at puremagic.com
Tue Feb 23 06:45:09 PST 2016
On Tuesday, 23 February 2016 at 11:04:31 UTC, Nick Treleaven wrote:
> Assuming we don't want to disallow slice.ptr in @safe code,
> maybe we could have the compiler insert this code before
> reading slice.ptr:
>
>     version(D_NoBoundsChecks) {} else
>     if (slice.length == 0) throw new RangeError("Unsafe .ptr on empty array");
Tweaking this a bit, a null .ptr dereference could arguably be
considered safe, so we could only throw when empty and non-null:
    version(D_NoBoundsChecks) {} else
    if (slice.length == 0 && slice.ptr)
        throw new RangeError("Unsafe .ptr on empty array");
This could still sometimes break existing @safe code that only
wants to see if slice.ptr is null (and not dereference .ptr). If
the above were implemented, doing that might need a @trusted
wrapper:
    @trusted bool isNull(T)(T[] slice) {
        return slice.ptr is null;
    }
Instead, comparing slice.ptr with null could be recognised and
safely allowed by the compiler, without the runtime check, so
long as .ptr doesn't escape.
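As an added illustration (not code from the post or from the D compiler), the proposed check written as an ordinary D function, checkedPtr (a hypothetical name), beside the @trusted isNull wrapper, exercised on a null slice, an empty-but-non-null slice and a non-empty one:

```d
import core.exception : RangeError;

// Hypothetical helper modelling the check the post proposes the compiler
// insert before a read of slice.ptr: throw only when the slice is empty
// but its pointer is non-null (a null .ptr is treated as defensible).
T* checkedPtr(T)(T[] slice) @trusted
{
    version (D_NoBoundsChecks) {}
    else
    {
        if (slice.length == 0 && slice.ptr !is null)
            throw new RangeError("Unsafe .ptr on empty array");
    }
    return slice.ptr;
}

// The @trusted wrapper from the post: a null test that never dereferences.
@trusted bool isNull(T)(T[] slice)
{
    return slice.ptr is null;
}

void main()
{
    int[] nullSlice;                 // length 0, ptr null
    int[] data = [1, 2, 3];
    int[] emptyTail = data[$ .. $];  // length 0, ptr one past the end (non-null)

    assert(isNull(nullSlice));
    assert(!isNull(emptyTail));

    // A null .ptr passes the check and is simply returned.
    assert(checkedPtr(nullSlice) is null);

    // An empty but non-null slice is rejected instead of handing @safe
    // callers a pointer they could go on to read.
    bool threw;
    try
        checkedPtr(emptyTail);
    catch (RangeError)
        threw = true;
    assert(threw);

    // Non-empty slices are unaffected.
    assert(checkedPtr(data) is data.ptr);
}
```

Build with -boundscheck=off (which defines D_NoBoundsChecks) and the empty-slice branch is compiled out, matching the behaviour the post describes for release builds.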