Deprecate implicit conversion between signed and unsigned integers
Walter Bright
newshound2 at digitalmars.com
Tue Feb 18 00:33:27 UTC 2025
On 2/17/2025 7:07 AM, Paul Backus wrote:
> On Monday, 17 February 2025 at 09:01:45 UTC, Walter Bright wrote:
>> @safe only bans memory corruption. 2's complement arithmetic is not UB.
>
> Dividing an integer by zero is UB according to the D spec [1], and it is allowed
> in @safe code.
>
> [1] https://dlang.org/spec/expression.html#division
That's correct. But it's not memory corruption, and requiring casts doesn't
address it.
The usual result is a signal is generated. These can be intercepted at the
user's discretion.
The compiler will flag an error if it can statically determine that the divisor
is zero. Runtime checks could be added, but since other languages don't do that,
it would put D at a competitive disadvantage.
As always, there are tradeoffs.
More information about the dip.ideas
mailing list