https://issues.dlang.org/show_bug.cgi?id=11176
--- Comment #14 from Steven Schveighoffer <[email protected]> ---
(In reply to Nick Treleaven from comment #13)
> The following is safe:
> assert(elem.ptr is null);
>
> Even this is safe:
> i = tmp.ptr - trailing.ptr;
>
> Both of these are from Phobos. We only need to prevent dereference of .ptr,
> and aggressively so. But reading the pointer itself is OK so long as the
> address doesn't escape to another pointer.

I agree these could be possible rules that would be safe. However, this would be confusing, since pointer dereferencing is allowed in safe code. Is there a more reasonable way to explain this?

I think it's easier to explain, and more consistent to just prevent access to ptr. Especially when there are workable alternatives.
