[Issue 21565] @safe code allows modification of a scalar that overlaps with a pointer
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Thu Jan 21 16:39:00 UTC 2021
https://issues.dlang.org/show_bug.cgi?id=21565
--- Comment #7 from Steven Schveighoffer <schveiguy at gmail.com> ---
(In reply to Paul Backus from comment #4)
> The *intent* of the spec is clearly to allow code like this to be marked as
> @trusted. If the current wording of the spec does not allow that, then the
> spec's wording does not match its intent, and the wording should be changed.
I'm not disagreeing with the requirement that system/trusted code should be
needed to access aliased values. I'm disagreeing with the ability of safe code
to access any part of this. And the spec currently says that.
Consider this function:
void example(ref T t) @trusted;
This function has to assume that t only is valid as an integer, never as a
pointer. Because safe code can *only* access and/or mutate the integer. In that
case, what's the point of the union? Even in your example, you simply ignore
the parameter (it might as well not be there).
Not only that, but even if it sets the pointer in t, it must be automatically
assumed once the function ends that the pointer value is no longer valid (it
went back into safe-land where the code can happily mutate anything it wants in
t). The union becomes an unnecessarily complicated integer.
the current rules are sound, just nonsensical. It makes such unions pointless
when writing safe code.
--
More information about the Digitalmars-d-bugs
mailing list