https://issues.dlang.org/show_bug.cgi?id=21565
RazvanN <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #5 from RazvanN <[email protected]> --- (In reply to Steven Schveighoffer from comment #3) > A union between a pointer and integer is most definitely unsafe in all > instances. If you never intend to access the int*, in any circumstance, then > why have a union? It may be safe if the user sets the integer part with valid memory addresses. However, the compiler cannot know that. > If you do intend to access the int *, then having any safe code anywhere > just change the integer ruins the any safety assumptions that the @trusted > or @system code can make. Essentially, it means @trusted code can never > access such a union reliably except to access just the integer. Trusted does not offer any guarantees. You can do whatever you want there. If you want to access a pointer that is overlapped with an integer that is the users' problem not the typesystems'. You cannot assume anything with regards to that pointer, that is the reason why it is not allowed in @safe code. In case you do use and you have a segfault, then the developer will have to audit the trusted blocks, not the @safe ones. > This means that T is OK to use ONLY in @system code, or ONLY in @safe code, > but NEVER in @trusted code (unless you just follow the @safe rules). > > I don't feel like we should bend the spec over backwards to fit with the > implementation, when there isn't really a benefit (other than being able to > close a bug report). I think that this is an issue were reasonable people may disagree, but the fact is that @safe is checked with regards to operations not data structures. There is no concept of @safe union or @system union in D. It is the way you use it that makes it @safe/@system. From this point of view, setting an integer that is overlapped with a pointer is not unsafe, however accessing a pointer that is overlapped with an integer is. --
