On 8/2/2014 1:23 PM, Andrei Alexandrescu wrote:
Assume we choose that, there's still murky ground:

@system fun(int[] p) {
    gun(p.ptr + p.length);
}

@safe gun(int* p) {
    if (p) *p = 42;
}

This passes semantic checking but is unsafe and unsafety is in the @safe
code. Well, that's fine, we might say. The problem is this works against
our stance that "inspect @system code by hand, @safe code will take care
of itself". The problem is that pointers just past the end have this
weird property "the pointer is okay but not for dereferencing".

We could establish a rule for @safe that function arguments that are pointers must be pointers to valid memory, not past the end.

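As an added illustration (not code from either poster), here is the thread's example reworked in D so that the hand-inspected @system caller honors the proposed rule and never hands a past-the-end pointer to @safe code. `gunSlice` and `main` are hypothetical names introduced here, and the slice variant goes beyond the posted snippet to show the bounds travelling with the argument.

```d
// @safe callee from the thread, with an explicit return type.
// Under the proposed rule it may assume that any non-null pointer
// argument points to valid, dereferenceable memory.
@safe void gun(int* p)
{
    if (p) *p = 42;
}

// Hypothetical slice-taking variant (not in the original post).
// The length travels with the pointer, so @safe code can check it
// instead of trusting the caller.
@safe void gunSlice(int[] s)
{
    if (s.length) s[0] = 42;
}

// @system caller, the code that is inspected by hand.
@system void fun(int[] p)
{
    // p.ptr + p.length is one past the end: fine to compute, not to
    // dereference. Under the proposed rule it must not be passed to gun.
    // Pass a pointer to the last valid element instead, and only if
    // there is one.
    if (p.length)
        gun(p.ptr + p.length - 1);

    // The same "end of the array" position expressed as an empty slice.
    // gunSlice sees length 0 and writes nothing.
    gunSlice(p[$ .. $]);
}

void main()
{
    int[] a = [1, 2, 3];
    fun(a);
    assert(a == [1, 2, 42]); // only the last valid element was written

    int[] empty;
    fun(empty); // no pointer is formed or passed, nothing is written
    assert(empty.length == 0);
}
```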