digitalmars.D.bugs - [Issue 16266] New: @safe functions may dereference
via Digitalmars-d-bugs, Jul 11 2016, https://issues.dlang.org/show_bug.cgi?id=16266
https://issues.dlang.org/show_bug.cgi?id=16266

Issue ID: 16266
Summary: @safe functions may dereference non-dereferenceable pointers
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: normal
Priority: P1
Component: dmd
Assignee: nobody@puremagic.com
Reporter: andrei@erdani.com

Consider:

    @safe int foo(int *iPtr) { return *iPtr; }              // dereferences unconditionally
    @safe int bar(int[] iSlice) { return foo(iSlice.ptr); } // .ptr of an empty slice is not dereferenceable
    @safe int baz(int[] a) { return bar(a[$ .. $]); }       // a[$ .. $] is always empty

Calling baz with any array will end up passing a non-dereferenceable pointer to foo. This corner case needs to be addressed. There are a few possibilities:

1. Simply disallow taking .ptr for any array in @safe code.

2. Insert a runtime check whenever array.ptr is passed into a @safe function (array must be non-empty).

3. Require flow, for example this could be made legal:

    import std.range.primitives : empty;
    @safe int bar(int[] iSlice) { return iSlice.empty ? 42 : foo(iSlice.ptr); }

Probably (2) would be the best all things considered.

--
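As an added illustration of option (2), not code from the report or from dmd: the pointer is obtained with `&a[0]` instead of `.ptr`, so the ordinary bounds check on index 0 rejects an empty slice before `foo` can dereference anything. The `checkedPtr` helper and the `unittest` are assumptions made for this example.

```d
import core.exception : RangeError;

// Hypothetical helper (not part of dmd or Phobos): returns a pointer to
// the first element, which is only well-defined when the slice is
// non-empty. The bounds check on a[0] is the runtime check of option (2).
@safe T* checkedPtr(T)(T[] a)
{
    return &a[0];   // RangeError when a.length == 0
}

// The functions from the report, with bar routed through checkedPtr.
@safe int foo(int* iPtr) { return *iPtr; }
@safe int bar(int[] iSlice) { return foo(checkedPtr(iSlice)); }
@safe int baz(int[] a) { return bar(a[$ .. $]); }

// @system unittest so that the Error thrown by the bounds check can be caught.
unittest
{
    int[] a = [1, 2, 3];          // constructed sample input
    assert(bar(a) == 1);          // non-empty slice: pointer is valid

    bool caught = false;
    try
    {
        baz(a);                   // a[$ .. $] is empty: the check fires
    }
    catch (RangeError)
    {
        caught = true;
    }
    assert(caught);               // foo was never reached
}
```

Build with `dmd -unittest -main`; the check survives `-release` because bounds checks stay enabled in `@safe` code unless `-boundscheck=off` is given.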