On 5/19/13 3:10 PM, deadalnix wrote:
> On Sunday, 19 May 2013 at 18:46:31 UTC, Walter Bright wrote:
>>> You also never provided any convincing solution to the safety hole.
>>> We can't even add checks only on some edge cases, as D also has value
>>> types. The only solution we are left with that is really safe is to
>>> null check every dereference or give up on @safe.
>>
>> Please don't make us guess what exactly you mean by this.
>
> This isn't new and I discussed that again and again.
>
> When you dereference null, you hit the first page, which is protected
> on most systems. But if you access an element with sufficient offset you
> bypass all protections provided by the type system and you are back in
> unsafe world.

Oh, the good old "object of sufficient size". We know how to fix that.

> And no, putting a null check on access of a field of sufficient offset (as
> proposed by Andrei) isn't enough because we have value types. Consider:
>
>     S[BIG_NUMBER]* a;
>     auto s = &(*a[SLIGHTLY_BELLOW_CHECK_OFFSET]);
>     s.fieldAccess; // May not have enough offset to trigger the null check,
>                    // but can still be unsafe
>
> See bug reports:
> http://d.puremagic.com/issues/show_bug.cgi?id=3677
> http://d.puremagic.com/issues/show_bug.cgi?id=5176

All of the above are variations on the "sufficiently large object" theme.

Andrei