Safer D first draft
Dukc
ajieskola at gmail.com
Fri Oct 4 09:44:33 UTC 2024
On Tuesday, 24 September 2024 at 19:23:57 UTC, Quirin Schroll
wrote:
>
> Maybe `Expression.ptr` can be `@safe` if the compiler can
> statically prove that `Expression` has non-zero length or is a
> string literal (which is always zero-terminated).

I don't think that's a good idea.

First off, it makes it implementation-defined if a particular
piece of code complies. When you have `someString.ptr`, it might
be that compiler A figures out `someString` is never `""`, but
compiler B doesn't. Therefore, A will accept it in a `@safe`
function, B won't. Worse, if the function has attribute
auto-inference, A and B will infer different attributes for the
function, leading to confusing breakage when switching compilers.

Second, you can work around this by writing `&Expression[0]`. If
the compiler could figure out that `Expression.ptr` would be
safe, it can just as well figure out that bounds checks for
`&Expression[0]` aren't needed.