On Wed, Jan 03, 2018 at 10:02:22PM +0000, Mark via Digitalmars-d-learn wrote: > The documentation says the modification of pointer values is not > allowed in safe functions. Yet the following compiles fine on dmd: > > void main() @safe > { > int* x = new int; > int* y = new int; > y=x; > } > > Is this simply a compiler bug?
No, this use of pointers is perfectly safe. @safe does not mean "no pointers". What is prohibited is: - casting integers into pointers: int* ptr = cast(int*) 0xdeadbeef; // not allowed in @safe *ptr = 100; // oops, overwriting arbitrary memory - arbitrary pointer arithmetic, like: int x; int* ptr = &x; ptr++; // not allowed in @safe *ptr = 100; // oops, overwriting arbitrary stack locations. - overlapping a pointer with something else in a union, like: union U { int x; int* ptr; } U u; u.x = 12345; *u.ptr = 100; // oops, overwriting arbitrary memory // Note: @safe allows *reading* u.x after assigning a pointer to // u.ptr, since you can't do anything unsafe with an int value; // you just can't get a pointer value out of the union. - casting pointers to pointers of a different type: char ch; char* p = &ch; int* ip = cast(int*) p; // not allowed in @safe *ip = 123; // oops, overwriting arbitrary stack locations - making arbitrary slices from a pointer: char[10] buf; char* p = &buf[0]; auto q = p[0 .. 100]; // not allowed in @safe q[99] = 100; // oops, overrunning end of buffer There are probably other examples, but you get the point. It's always OK to assign and dereference pointers in @safe code, because, barring a compiler bug or unrelated @system code wreaking havoc, it's not possible to get an invalid pointer value in @safe code. (The caveat is that @safe code may call @trusted code, which in turn may call @system code. So you really have to be sure that @trusted code is actually trustworthy, otherwise you *might* get an invalid pointer percolating into @safe code, and then all bets are off.) T -- Тише едешь, дальше будешь.