• Mark (9/9) Jan 03 2018 The documentation says the modification of pointer values is not
• Adam D. Ruppe (2/4) Jan 03 2018 I think that refers to like x++ rather than x=y.
• Jonathan M Davis (7/16) Jan 03 2018 Where are you reading that in the documentation? There's nothing unsafe
• Mark (7/29) Jan 03 2018 https://dlang.org/spec/function.html#safe-functions
• Jonathan M Davis (4/39) Jan 03 2018 Then the spec needs to be clarified. Assignment is fine but other types ...
• H. S. Teoh (7/18) Jan 03 2018 Here's my attempt to clarify it:
• Mark (4/22) Jan 04 2018 Okay, that's clear now.
• H. S. Teoh (43/54) Jan 03 2018 No, this use of pointers is perfectly safe. @safe does not mean "no

Mark <smarksc gmail.com> writes:

The documentation says the modification of pointer values is not 
allowed in safe functions. Yet the following compiles fine on dmd:

void main()  safe
{
	int* x = new int;
	int* y = new int;
	y=x;
}

Is this simply a compiler bug?

Adam D. Ruppe <destructionator gmail.com> writes:

On Wednesday, 3 January 2018 at 22:02:22 UTC, Mark wrote:
 The documentation says the modification of pointer values is 
 not allowed in safe functions.

I think that refers to like x++ rather than x=y.

Jonathan M Davis <newsgroup.d jmdavisprog.com> writes:

On Wednesday, January 03, 2018 22:02:22 Mark via Digitalmars-d-learn wrote:
 The documentation says the modification of pointer values is not
 allowed in safe functions. Yet the following compiles fine on dmd:

 void main()  safe
 {
   int* x = new int;
   int* y = new int;
   y=x;
 }

 Is this simply a compiler bug?

Where are you reading that in the documentation? There's nothing unsafe
whatsoever about assigning one pointer to another.

Now, pointer arithmetic is unsafe, and that's forbidden in  safe functions.
So, I suspect that you're ether misunderstanding the documentation and/or
the documentation isn't clear enough.

- Jonathan M Davis

Mark <smarksc gmail.com> writes:

On Wednesday, 3 January 2018 at 22:12:01 UTC, Jonathan M Davis 
wrote:
 On Wednesday, January 03, 2018 22:02:22 Mark via 
 Digitalmars-d-learn wrote:
 The documentation says the modification of pointer values is 
 not allowed in safe functions. Yet the following compiles fine 
 on dmd:

 void main()  safe
 {
   int* x = new int;
   int* y = new int;
   y=x;
 }

 Is this simply a compiler bug?

 Where are you reading that in the documentation? There's 
 nothing unsafe whatsoever about assigning one pointer to 
 another.

 Now, pointer arithmetic is unsafe, and that's forbidden in 
  safe functions. So, I suspect that you're ether 
 misunderstanding the documentation and/or the documentation 
 isn't clear enough.

 - Jonathan M Davis

https://dlang.org/spec/function.html#safe-functions

"The following operations are not allowed in safe functions:

[...]
- No modification of pointer values.
[...]"

Jonathan M Davis <newsgroup.d jmdavisprog.com> writes:

On Wednesday, January 03, 2018 22:25:16 Mark via Digitalmars-d-learn wrote:
 On Wednesday, 3 January 2018 at 22:12:01 UTC, Jonathan M Davis

 wrote:
 On Wednesday, January 03, 2018 22:02:22 Mark via

 Digitalmars-d-learn wrote:
 The documentation says the modification of pointer values is
 not allowed in safe functions. Yet the following compiles fine
 on dmd:

 void main()  safe
 {

   int* x = new int;
   int* y = new int;
   y=x;

 }

 Is this simply a compiler bug?

 Where are you reading that in the documentation? There's
 nothing unsafe whatsoever about assigning one pointer to
 another.

 Now, pointer arithmetic is unsafe, and that's forbidden in
  safe functions. So, I suspect that you're ether
 misunderstanding the documentation and/or the documentation
 isn't clear enough.

 - Jonathan M Davis

 https://dlang.org/spec/function.html#safe-functions

 "The following operations are not allowed in safe functions:

 [...]
 - No modification of pointer values.
 [...]"

Then the spec needs to be clarified. Assignment is fine but other types of
mutation are not.

- Jonathan M Davis

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:

On Wed, Jan 03, 2018 at 03:42:07PM -0700, Jonathan M Davis via
Digitalmars-d-learn wrote:
 On Wednesday, January 03, 2018 22:25:16 Mark via Digitalmars-d-learn wrote:

[...]
 https://dlang.org/spec/function.html#safe-functions

 "The following operations are not allowed in safe functions:

 [...]
 - No modification of pointer values.
 [...]"

 
 Then the spec needs to be clarified. Assignment is fine but other
 types of mutation are not.

Here's my attempt to clarify it:

	https://github.com/dlang/dlang.org/pull/2050


T

-- 
PNP = Plug 'N' Pray

Mark <smarksc gmail.com> writes:

On Wednesday, 3 January 2018 at 23:49:33 UTC, H. S. Teoh wrote:
 On Wed, Jan 03, 2018 at 03:42:07PM -0700, Jonathan M Davis via 
 Digitalmars-d-learn wrote:
 On Wednesday, January 03, 2018 22:25:16 Mark via 
 Digitalmars-d-learn wrote:

 [...]
 https://dlang.org/spec/function.html#safe-functions

 "The following operations are not allowed in safe functions:

 [...]
 - No modification of pointer values.
 [...]"

 
 Then the spec needs to be clarified. Assignment is fine but 
 other types of mutation are not.

 Here's my attempt to clarify it:

 	https://github.com/dlang/dlang.org/pull/2050


 T

Okay, that's clear now.

Ali's book wasn't clear on that either ("Pointers cannot be 
mutated"). I'll ask him to clarify it.

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:

On Wed, Jan 03, 2018 at 10:02:22PM +0000, Mark via Digitalmars-d-learn wrote:
 The documentation says the modification of pointer values is not
 allowed in safe functions. Yet the following compiles fine on dmd:
 
 void main()  safe
 {
 	int* x = new int;
 	int* y = new int;
 	y=x;
 }
 
 Is this simply a compiler bug?

No, this use of pointers is perfectly safe.   safe does not mean "no
pointers".  What is prohibited is:

- casting integers into pointers:

	int* ptr = cast(int*) 0xdeadbeef; // not allowed in  safe
	*ptr = 100; // oops, overwriting arbitrary memory

- arbitrary pointer arithmetic, like:

	int x;
	int* ptr = &x;
	ptr++; // not allowed in  safe
	*ptr = 100; // oops, overwriting arbitrary stack locations. 

- overlapping a pointer with something else in a union, like:

	union U {
		int x;
		int* ptr;
	}
	U u;
	u.x = 12345;
	*u.ptr = 100; // oops, overwriting arbitrary memory

	// Note:  safe allows *reading* u.x after assigning a pointer to
	// u.ptr, since you can't do anything unsafe with an int value;
	// you just can't get a pointer value out of the union.

- casting pointers to pointers of a different type:

	char ch;
	char* p = &ch;
	int* ip = cast(int*) p; // not allowed in  safe
	*ip = 123; // oops, overwriting arbitrary stack locations

- making arbitrary slices from a pointer:

	char[10] buf;
	char* p = &buf[0];
	auto q = p[0 .. 100]; // not allowed in  safe
	q[99] = 100; // oops, overrunning end of buffer

There are probably other examples, but you get the point.

It's always OK to assign and dereference pointers in  safe code,
because, barring a compiler bug or unrelated  system code wreaking
havoc, it's not possible to get an invalid pointer value in  safe code.

(The caveat is that  safe code may call  trusted code, which in turn may
call  system code. So you really have to be sure that  trusted code is
actually trustworthy, otherwise you *might* get an invalid pointer
percolating into  safe code, and then all bets are off.)


T

-- 
Тише едешь, дальше будешь.