[Issue 18529] .ptr on arrays can no longer be used in @safe code prevents valid code
d-bugmail at puremagic.com
Tue Feb 27 14:14:49 UTC 2018
https://issues.dlang.org/show_bug.cgi?id=18529
Steven Schveighoffer <schveiguy at yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |schveiguy at yahoo.com
--- Comment #10 from Steven Schveighoffer <schveiguy at yahoo.com> ---
(In reply to anonymous4 from comment #8)
> Should go through trusted wrapper.
> printf is a @system function and can't be called from safe code, arguments
> don't even matter.
Yes, most of this argument is moot unless you find a better example.
The rationale behind disallowing .ptr is simple: We want to be able to use
pointers in safe D (disallowing them is too crippling). To that end we allow
dereferencing a pointer, but not indexing a pointer.
In order for this to work, we must ensure that safe code cannot create a
dangling pointer. That is, the pointer MUST point at valid data, or point at
null.
An array with zero length does not generate a known-valid pointer with .ptr,
therefore it's disallowed. Using &arr[0] works because it's first
bounds-checked that the first element exists.
--
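
The distinction drawn in comment #10, as an added example that is not part of the original bug comment: `&arr[0]` is bounds-checked before a pointer is produced, while `.ptr` on a zero-length slice hands back a pointer that may not refer to any element. The function names `firstElem` and `rawPtr` are hypothetical, and the sample data is constructed.

```d
import core.exception : RangeError;
import std.stdio : writeln;

// @safe: the index expression is bounds-checked first, so a pointer is only
// produced when element 0 really exists.
int* firstElem(int[] arr) @safe
{
    return &arr[0];
}

// .ptr has to go through a @trusted wrapper; whoever writes the wrapper
// vouches that the result is never dereferenced when arr is empty.
int* rawPtr(int[] arr) @trusted
{
    return arr.ptr;
}

// Compilers that implement the rule from this issue reject .ptr in @safe code.
static assert(!__traits(compiles, () @safe { int[] a; auto p = a.ptr; }));

void main()
{
    int[] data = [10, 20, 30];     // constructed sample data
    int[] empty = data[$ .. $];    // zero length, positioned at the end of data

    // Non-empty slice: both routes give the same valid pointer.
    assert(firstElem(data) == rawPtr(data));
    assert(*firstElem(data) == 10);

    // Empty slice: .ptr is non-null but points one past the last element,
    // so dereferencing it would read memory that is not part of any slice.
    assert(rawPtr(empty) !is null);
    assert(rawPtr(empty) == data.ptr + data.length);

    // The bounds-checked form refuses to produce that pointer at all.
    // (Error is caught here in @system code only to show the outcome.)
    bool rejected = false;
    try
    {
        auto p = firstElem(empty);
    }
    catch (RangeError e)
    {
        rejected = true;
    }
    assert(rejected);
    writeln("empty slice: &arr[0] rejected, .ptr returned ", rawPtr(empty));
}
```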