
digitalmars.D - safe pointer value modification

Jacob Shtokolov <jacob.100205 gmail.com> writes:
Hi,

According to the docs: https://dlang.org/spec/memory-safe-d.html

 Memory-safe code cannot use certain language features, such as:

    Casts that break the type system.
    Modification of pointer values.
    Taking the address of a local variable or function parameter.

So, modification of pointer values is prohibited (if I understand this sentence correctly). However, this code compiles (and will cause a segfault of course): https://run.dlang.io/is/HrUKMy

    import std.stdio;

    @safe void main()
    {
        int *a;
        *a = 10;
        writeln(a);
    }

I'm still learning D so very likely misunderstood something, but isn't that a bug?

Thanks!
Sep 08 2018
Neia Neutuladh <neia ikeran.org> writes:
On Saturday, 8 September 2018 at 17:01:33 UTC, Jacob Shtokolov wrote:
 So, modification of pointer values is prohibited (if I understand this sentence correctly).

@safe code can't manipulate the pointer itself, in order to avoid memory corruption. So this is forbidden:

    void main() @safe
    {
        int* p = malloc(512);
        p++;
    }

But in @safe code, the compiler assumes that all pointers you receive are valid. And the null pointer is also valid -- dereferencing it results in a segmentation fault rather than memory corruption.
Sep 08 2018
Jonathan M Davis <newsgroup.d jmdavisprog.com> writes:
On Saturday, September 8, 2018 11:06:20 AM MDT Neia Neutuladh via Digitalmars-d wrote:
 On Saturday, 8 September 2018 at 17:01:33 UTC, Jacob Shtokolov wrote:
  So, modification of pointer values is prohibited (if I understand this sentence correctly).

 @safe code can't manipulate the pointer itself, in order to avoid memory corruption. So this is forbidden:

     void main() @safe
     {
         int* p = malloc(512);
         p++;
     }

 But in @safe code, the compiler assumes that all pointers you receive are valid. And the null pointer is also valid -- dereferencing it results in a segmentation fault rather than memory corruption.

Also, mutating the data that a pointer points to is not mutating the pointer. So,

    *foo = 42;

is not mutating a pointer, whereas

    ++foo;

would be. So, the first is allowed in @safe code, whereas the second is not.

BTW, if you have questions about D, please ask them in D.Learn. This newsgroup / mailing list / forum is intended for general discussion on D, not for answering questions about how the language works.

- Jonathan M Davis
Sep 11 2018
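
The distinction drawn in this thread, as an added example that is not code from any of the posters: the static asserts make the compiler itself report which pointer operations @safe accepts and which it rejects. The helper name store and the explicit null check are assumptions made for illustration.

```d
import std.stdio;

// Hypothetical helper (not from the thread): write through a pointer only
// after an explicit null check, so a null argument cannot crash the program.
bool store(int* p, int value) @safe
{
    if (p is null)
        return false;
    *p = value;              // modifies the pointee, not the pointer: allowed
    return true;
}

void main() @safe
{
    int* a = new int;        // GC allocation is allowed in @safe code
    int* b;                  // default-initialized to null

    assert(store(a, 10));
    assert(!store(b, 10));   // null is rejected instead of being dereferenced
    assert(*a == 10);

    b = a;                   // copying one valid pointer into another: allowed
    *b = 42;
    assert(*a == 42);

    // Pointer arithmetic changes where the pointer points, so the compiler
    // rejects each of these function literals when they are marked @safe.
    static assert(!__traits(compiles, () @safe { int* q = new int; q++; }));
    static assert(!__traits(compiles, () @safe { int* q = new int; q += 1; }));
    static assert(!__traits(compiles, () @safe { int* q = new int; q = q + 1; }));

    // A plain write through the pointer compiles under @safe.
    static assert(__traits(compiles, () @safe { int* q = new int; *q = 42; }));

    // The same arithmetic is accepted once the code is marked @system.
    static assert(__traits(compiles, () @system { int* q = new int; q++; }));

    writeln("*a = ", *a);
}
```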