https://issues.dlang.org/show_bug.cgi?id=11176
--- Comment #9 from Kenji Hara <[email protected]> --- One another way I can think is, array.ptr property would add a hidden check `arr.length != 0` under @safe code, then returns `null` instead when the length is 0. @safe ubyte* oops1(ubyte[] b) { return b.ptr; } @safe ubyte oops2(ubyte[] b) { return *b.ptr; } void main() { auto b = new ubyte[42]; assert(oops1(b[0 .. $]) is &b[0]); assert(oops1(b[0 .. 1]) is &b[0]); assert(oops1(b[0 .. 0]) is null); // the 'safer' behavior // With the proposed behavior, this call will cause null pointer dereference, // then it's deterministic and does not cause undefined behavior. oops2(b[0 .. 0]); } --
