What's the D equivalence?

tsbockman thomas.bockman at gmail.com
Fri Mar 5 21:09:38 UTC 2021


On Friday, 5 March 2021 at 15:22:51 UTC, Paul Backus wrote:
> On Friday, 5 March 2021 at 15:17:29 UTC, Imperatorn wrote:
>> On Friday, 5 March 2021 at 13:09:26 UTC, Jacob Carlborg wrote:
>>> One thing that is missing in D is runtime error on 
>>> dereferencing a null pointer. D relies on the platform to 
>>> trigger a segmentation fault. Of course, there are some 
>>> platforms that don't do that.
>>>
>>> --
>>> /Jacob Carlborg
>>
>> Ok, that's fine though imo.
>
> It's actually a bit problematic because @safe relies on the 
> fact that dereferencing a null pointer has defined behavior 
> (i.e., it crashes the program). On platforms that don't 
> guarantee this, D currently allows undefined behavior in @safe 
> code.

Also, the guard region is of finite size and can be bypassed to 
potentially silently corrupt memory when accessing the interior 
of a sufficiently large type:

void sowChaos(size_t length)(int[length]* ptr) @safe {
     (*ptr)[length - 1] = 0xBAD;
}

If (int.sizeof * (length - 1)) happens to be the address of 
memory writable by the current process, this will do bad things.
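
Added example, not part of the original message: one way to close the gap described above is an explicit null test that is compiled in only when the pointed-to type is larger than the guard region. The names `checkedDeref` and `sowOrder` are hypothetical, and the 4096-byte guard size is an assumption; the real size depends on the platform.

```d
import std.stdio : writeln;

// Assumption: only the first 4096 bytes of the address space are guaranteed
// to be unmapped. Real guard sizes are platform-specific.
enum size_t assumedGuardBytes = 4096;

// Hypothetical helper: dereference `ptr`, adding a software null test only
// for types large enough that an interior access could land past the guard.
ref T checkedDeref(T)(T* ptr) @safe
{
    static if (T.sizeof > assumedGuardBytes)
    {
        if (ptr is null)
            throw new Error("null pointer to " ~ T.stringof);
    }
    // Small types: every interior offset is below assumedGuardBytes, so a
    // null pointer still faults in hardware on platforms that trap page 0.
    return *ptr;
}

// Same write as sowChaos, routed through the checked dereference.
void sowOrder(size_t length)(int[length]* ptr) @safe
if (length > 0)
{
    checkedDeref(ptr)[length - 1] = 0xBAD;
}

void main()
{
    static int[4096] big;            // 16 KiB, larger than the assumed guard
    sowOrder!4096(&big);
    assert(big[$ - 1] == 0xBAD);     // valid pointer: the write goes through

    bool caught;
    try
    {
        sowOrder!4096(null);         // null: rejected before the indexed write
    }
    catch (Error e)
    {
        caught = true;
    }
    assert(caught);
    writeln("null pointer to large type rejected: ", caught);
}
```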

