checkedint call removal
Artur Skawina via Digitalmars-d
digitalmars-d at puremagic.com
Sat Aug 2 09:28:40 PDT 2014
On 08/02/14 17:08, Andrei Alexandrescu via Digitalmars-d wrote:
> On 8/2/14, 5:44 AM, Artur Skawina via Digitalmars-d wrote:
>> auto fx(ubyte* p, size_t len) @safe {
>>    assert_(len>0);
>>    if (len>=1)
>>       return p[0];
>>    return -1;
>> }
>
> As an aside I think it's a bug that this function passes @safe. It should not be able to safely dereference the pointer because it may be e.g. just past the end of the array. Has this been submitted as a bug?
Dereferencing a pointer shouldn't be disallowed -- it would make @safe
almost unusable when dealing with structs. As long as it's impossible
to obtain an invalid pointer (or one with a longer lifetime than the
object it points to) _within_ @safe, it is, well, safe.
Dereferencing a null ptr is an error, but it's not a memory safety
violation.
[Before somebody claims that this means that the assume-based
transformation of the above function isn't a problem -- this is just
a simple example; I didn't want to clutter it up with a @trusted
helper that would handle the data access. The bounds check would be
optimized away in that case too.]
artur
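Added example, not code from the thread: the same function in C rather than D, with the assume-style assert_ from the discussion modelled as a macro over GCC/Clang's __builtin_unreachable() (an assumption about how assert_ is implemented, not something the thread states). fx_checked keeps its bounds test; in fx_assumed the assume tells the optimizer len > 0 holds, so the `len >= 1` branch is dead and may be deleted, and a call with len == 0 is undefined instead of returning -1. fx_assumed_helper routes the access through a bounds-checked accessor standing in for the @trusted helper the post mentions; its check is the same predicate and is folded away the same way. The hypothetical names (ASSUME, at, sample) are this example's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Assume-style assert_: instead of checking the condition, tell the
 * optimizer it holds. __builtin_unreachable() is GCC/Clang specific. */
#define ASSUME(cond) do { if (!(cond)) __builtin_unreachable(); } while (0)

/* Constructed sample input, standing in for a caller's buffer. */
static const unsigned char sample[] = { 0x41, 0x42, 0x43 };

/* Checked version: the bounds test is real and is kept. */
int fx_checked(const unsigned char *p, size_t len)
{
    if (len >= 1)
        return p[0];
    return -1;
}

/* Assume-based version: after ASSUME(len > 0) the compiler may treat
 * `len >= 1` as always true and drop the branch. Calling this with
 * len == 0 is then undefined behaviour; typically p[0] is read anyway. */
int fx_assumed(const unsigned char *p, size_t len)
{
    ASSUME(len > 0);
    if (len >= 1)
        return p[0];
    return -1;
}

/* Bounds-checked accessor, the role of the @trusted helper in the post.
 * Its own check is `i < len`, the same predicate the assume asserted. */
static int at(const unsigned char *p, size_t len, size_t i)
{
    if (i >= len)
        return -1;
    return p[i];
}

/* The helper's check is folded away just like the inline one: with
 * len > 0 assumed, `0 >= len` is provably false after inlining. */
int fx_assumed_helper(const unsigned char *p, size_t len)
{
    ASSUME(len > 0);
    return at(p, len, 0);
}

int main(void)
{
    /* Only the well-defined paths are exercised here. */
    printf("checked, len=0: %d\n", fx_checked(sample, 0));
    printf("checked, len=3: %d\n", fx_checked(sample, 3));
    printf("assumed, len=3: %d\n", fx_assumed(sample, 3));
    printf("assumed+helper, len=3: %d\n", fx_assumed_helper(sample, 3));
    return 0;
}
```

To see the branch disappear, compile with optimisation and inspect the assembly (for example `gcc -O2 -S`): fx_checked keeps its compare and conditional return, while fx_assumed and fx_assumed_helper reduce to an unconditional load of p[0]. The check that was supposed to protect the dereference is exactly the one the assume removed.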