Shouldn't casting an object to void* be considered @safe?

ag0aep6g anonymous at example.com
Sun Dec 15 11:14:25 UTC 2019


On 15.12.19 10:32, Joseph Rushton Wakeling wrote:
> BTW, note that the spec defines a @safe function as one that has been 
> statically checked to exhibit no undefined behaviour.
> 
> Casting from a non-pointer type to a pointer seems a pretty good 
> example of something that makes it impossible to statically confirm that 
> no undefined behaviour is taking place.

The other side is saying it's possible for void*. It goes like this:

1) By itself, an invalid pointer doesn't exhibit UB.
2) Dereferencing an invalid pointer does exhibit UB.
3) There is no other way to trigger UB with an invalid pointer.
4) Dereferencing void* isn't allowed in @safe code.

Conclusion: An invalid void* cannot lead to UB in @safe code. So casting 
anything to void* can be allowed there.

I'm pretty sure that sentences 1, 2, and 4 are correct. Number 3 seems 
to be the interesting one. A counter-example (using an invalid pointer 
to trigger UB without dereferencing the pointer) would shut the argument 
down.
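An added illustration of steps 2 and 4 of the argument above, not code from the post: a D module whose static asserts record which operations on a void* the compiler accepts or rejects inside a @safe function. It assumes a current dmd, where the class-to-void* cast that started the thread is still rejected.

```d
// Added illustration (not code from the post): compile-time checks of what
// @safe allows on a void*, matching steps 2 and 4 of the argument above.
// Assumes a current dmd; each claim is a static assert, so the module stops
// compiling if any of them stops holding.
module safe_void_pointer_checks;

// Converting an existing pointer to void* is an implicit conversion and is
// accepted in @safe code.
static assert(__traits(compiles, () @safe {
    int* ip;
    void* p = cast(void*) ip;
}));

// The case the thread is about: a class reference is not a pointer type,
// so cast(void*) on it is currently rejected in @safe, exactly like casting
// an integer to a pointer.
static assert(!__traits(compiles, () @safe {
    Object o;
    void* p = cast(void*) o;
}));
static assert(!__traits(compiles, () @safe {
    size_t addr;
    void* p = cast(void*) addr;
}));

// Step 4: a void* cannot be dereferenced (void has no value), so an invalid
// void* is never read through in @safe code.
static assert(!__traits(compiles, () @safe {
    void* p;
    auto x = *p;
}));

// One of the "other ways" step 3 has to rule out, pointer arithmetic, is
// already rejected for every pointer type in @safe code.
static assert(!__traits(compiles, () @safe {
    int* ip;
    ip = ip + 1;
}));

void main() {}
```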

