Discussion Thread: DIP 1035-- at system Variables--Community Review Round 2
Dukc
ajieskola at gmail.com
Wed Mar 3 12:54:53 UTC 2021
On Tuesday, 2 March 2021 at 20:46:17 UTC, Atila Neves wrote:
> On Monday, 1 March 2021 at 21:26:18 UTC, Paul Backus wrote:
>> On Monday, 1 March 2021 at 20:55:40 UTC, Atila Neves wrote:
>>> On Thursday, 25 February 2021 at 09:21:20 UTC, Mike Parker
>>> wrote:
>>>> This is the discussion thread for the second round of
>>>> Community Review of DIP 1035, "@system Variables":
>>>>
>>>> [...]
>>>
>>> "pointers, arrays, and other reference types are unsafe"
>>>
>>> This confused me. Pointers aren't unsafe unless you got one
>>> from @system code. Could you clarify please?
>>
>> The language here is sloppy, but the intent is to refer to
>> pointer *types*, not pointer *values*. It should read,
>> "pointer types, dynamic array types, and other reference types
>> are unsafe."
>
> Pointer types *can* be unsafe, if the values came from @system
> code. Otherwise they're perfectly safe.
The correct wording to this is: pointer *values* can be unsafe if
they come from `@system` code, therefore pointer *types* are
unsafe, as defined by this DIP. When the DIP talks about unsafe
type, it really means only potentially unsafe type.
> Slices (dynamic arrays) are slightly different because of the
> necessity of bounds checks.
They are not. `(ubyte*).init[0xBAA..0xBEE]` is just as unsafe as
`cast(int*)0xDEADBEEF`, regardless of whether there are bound
checks when accessing it. Bounds checked access is safe only if
the value is safe, just as with pointer dereference.
But deferencing a pointer is fine in @safe code - the
> possibilities are:
>
> * it came from the GC.
> * is the address of a module-level variable.
> * is a scoped address on the stack.
> * is null.
>
> Am I missing a case?
These are all true. The intention of the DIP is that you could
make user-defined types that behave the same way - that `@safe`
would guarantee they will not have unsafe values.
Think about defining a 16-bit pointer for 32-bit or 64-bit
architecture. If you now declare it as `struct ptr16{private
short handle;}` you will not be able to make it work in @safe
code, as it can be void-initialized with wrong values. You'll
have to do something like `union ptr16{short handle; void[2]
unsafeMarker;}` instead.
More information about the Digitalmars-d
mailing list