[Issue 19916] union member access should be un-@safe

d-bugmail at puremagic.com
Sat Jun 1 07:54:02 UTC 2019


https://issues.dlang.org/show_bug.cgi?id=19916

--- Comment #14 from Manu <turkeyman at gmail.com> ---
> If we're going to prevent any language aspect that commonly causes bugs,
> then @safe should also disallow classic for-loops, unsigned numbers and
> null-pointers.

You're seriously going to suggest that allowing functional access to
uninitialised memory is comparable to a for-loop... with a straight face?


> The goals and meaning of @safe are currently clear. Let's not change this by
> subjectively disabling other things that only 'feel' unsafe but really
> aren't with respect to memory corruption.

How can you argue that feeding uninitialised memory into ANY transformation
pipeline is @safe? Or only 'subjectively' broken?
Accessing uninitialised memory doesn't 'feel' unsafe, it's unsafe. No valid
result can appear from any process where the input is fed uninitialised data,
and it's the first and most obvious place any sane security engineer will look
for attack surface.

Anyway, we're done here.

--
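What "functional access to uninitialised memory" through a union looks like in practice, as an added illustration that is not code from the bug report or this thread: the first function compiles as @safe yet returns seven bytes it never wrote, and the second shows the hardening a defender would want, defining the whole overlay before reading through the other member. The union and function names are constructed; the example assumes dmd's rule that void initialisers are permitted in @safe for types without pointers or references.

```d
import std.stdio;

// Constructed union: a 1-byte member overlaid on an 8-byte member.
union Overlay
{
    ubyte small;
    ulong wide;
}

// Writes only byte 0, then reads all 8 bytes back through the other member.
// This compiles as @safe, yet bytes 1..7 were never initialised by this
// function: they are whatever happened to be in that stack slot.
@safe ulong punWithoutInit()
{
    Overlay o = void;   // void initialiser; allowed in @safe because the
                        // union holds no pointers or references (assumption)
    o.small = 1;
    return o.wide;      // indeterminate above the low byte
}

// Same access pattern, but every byte of the storage is written first, so
// the result depends only on this function's own writes.
@safe ulong punWithInit()
{
    Overlay o;
    o.wide = 0;         // explicitly define all 8 overlapping bytes
    o.small = 1;
    return o.wide;      // 1 on a little-endian target
}

void main()
{
    writeln("uninitialised overlay: ", punWithoutInit());
    writeln("initialised overlay:   ", punWithInit());
}
```

The first value varies from run to run and build to build, which is exactly why a pipeline fed from it can never be trusted to produce a valid result.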


More information about the Digitalmars-d-bugs mailing list