On 08/02/14 17:08, Andrei Alexandrescu via Digitalmars-d wrote:
> On 8/2/14, 5:44 AM, Artur Skawina via Digitalmars-d wrote:
>>    auto fx(ubyte* p, size_t len) @safe {
>>       assert_(len>0);
>>       if (len>=1)
>>          return p[0];
>>       return -1;
>>    }
>
> As an aside I think it's a bug that this function passes @safe. It should not
> be able to safely dereference the pointer because it may be e.g. just past
> the end of the array. Has this been submitted as a bug?
Dereferencing a pointer shouldn't be disallowed -- it would make @safe almost
unusable when dealing with structs. As long as it's impossible to obtain an
invalid pointer (or one with a longer lifetime than the object it points to)
_within_ @safe, it is, well, safe. Dereferencing a null ptr is an error, but
it's not a memory safety violation.

[Before somebody claims that this means that the assume-based transformation of
the above function isn't a problem -- this is just a simple example; I didn't
want to clutter it up with a @trusted helper that would handle the data access.
The bounds check would be optimized away in that case too.]

artur
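An added illustration of the point above, in D: what @safe permits and rejects around raw pointers, and the kind of @trusted data-access helper the reply mentions. This is example code written for this page, not code from the thread; `Header`, `readLength`, `byteAt` and the sample buffer are assumptions.

```d
// Example code added for illustration; not from the thread.
struct Header { ubyte tag; uint length; }

// Plain dereference and field access through a pointer are allowed in @safe:
// the function cannot manufacture an out-of-range pointer itself, and a null
// pointer faults at runtime rather than corrupting memory.
uint readLength(const(Header)* h) @safe
{
    return h.length;          // same as (*h).length
}

// The compiler rejects these inside @safe:
//     ubyte second(ubyte* p) @safe { return *(p + 1); }        // pointer arithmetic
//     ubyte* asBytes(void* v) @safe { return cast(ubyte*) v; }  // void* -> T* cast

// The @trusted helper alluded to above: the only place raw memory is touched.
// Slicing a pointer is not @safe, hence @trusted; indexing the resulting slice
// is bounds-checked at runtime (unless the build turns bounds checks off).
ubyte byteAt(const(ubyte)* p, size_t len, size_t i) @trusted
{
    return p[0 .. len][i];
}

int fx(const(ubyte)* p, size_t len) @safe
{
    assert(len > 0);          // a plain assert: checked, and the test below still runs
    if (len >= 1)
        return byteAt(p, len, 0);
    return -1;
}
// Were `assert` replaced by an assume-style hint telling the optimizer that
// `len > 0` always holds, the `len >= 1` test becomes dead code, and the slice
// bounds check inside byteAt, which compares against the same `len`, can be
// dropped as well; a caller passing len == 0 would then read past its buffer.

void main()
{
    immutable ubyte[3] buf = [7, 8, 9];   // constructed sample input
    assert(fx(&buf[0], buf.length) == 7);
    Header h = Header(1, 42);
    assert(readLength(&h) == 42);
}
```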