On Sunday, 19 May 2013 at 18:46:31 UTC, Walter Bright wrote:
> You also never provided any convincing solution to the safety hole. We can't even add checks only on some edge cases, as D also has value types. The only solution we are left with that is really safe is to null check every dereference or give up on @safe.

Please don't make us guess what exactly you mean by this.
This isn't new and I have discussed it again and again.

When you dereference null, you hit the first page, which is protected on most systems. But if you access an element at a sufficient offset you bypass all protections provided by the type system and you are back in the unsafe world.

And no, putting a null check on access of a field at a sufficient offset (as proposed by Andrei) isn't enough, because we have value types.
Consider:

S[BIG_NUMBER]* a;
auto s = &(*a)[SLIGHTLY_BELOW_CHECK_OFFSET]; // index into the static array the pointer points at
s.fieldAccess; // may not have enough offset to trigger the null check, but can still be unsafe
See bug reports:
http://d.puremagic.com/issues/show_bug.cgi?id=3677
http://d.puremagic.com/issues/show_bug.cgi?id=5176
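To make the "sufficient offset" argument concrete, here is an added C example (not from the thread or the D compiler) that computes how far `(*a)[index].field` lands from a null base and whether a hardware guard page of an assumed 4096 bytes at address 0 would still catch it; the struct `S`, `BIG_NUMBER` and the guard size are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constructed value type: two 8-byte fields, so sizeof(S) == 16. */
typedef struct { uint64_t a; uint64_t b; } S;
#define BIG_NUMBER 4096u
#define GUARD_BYTES 4096u  /* assumed: one protected page starting at address 0 */

/* Byte offset that (*p)[index].b reaches from the base pointer p.
   The index contribution is what a per-field offset check never sees. */
size_t element_field_offset(size_t index) {
    return index * sizeof(S) + offsetof(S, b);
}

/* A null base only faults if the computed address stays inside the
   protected first page; beyond that the access silently reads memory. */
bool guard_page_catches(size_t index) {
    return element_field_offset(index) < GUARD_BYTES;
}

/* The per-field rule from the post: insert a null check only when the
   field's own offset is large. For S.b that is 8 bytes, so no check is
   emitted, even though indexing can push the access past the guard page. */
bool field_only_check_needed(void) {
    return offsetof(S, b) >= GUARD_BYTES;
}

/* Explicit null and bounds check before any address arithmetic, which is
   the safe option the post argues is left for value-type indexing. */
bool safe_read_b(S (*p)[BIG_NUMBER], size_t index, uint64_t *out) {
    if (p == NULL || index >= BIG_NUMBER) return false;
    *out = (*p)[index].b;
    return true;
}
```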