add std.array.pointer as @safe alternative to .ptr #6231
timotheecour wants to merge 1 commit into dlang:master from
Thanks for your pull request and interest in making D better, @timotheecour! We are looking forward to reviewing it, and you should be hearing from a maintainer soon.
Please see CONTRIBUTING.md for more information. If you have addressed all reviews or aren't sure how to proceed, don't hesitate to ping us with a simple comment.
Bugzilla references
Your PR doesn't reference any Bugzilla issue. If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog.
| /++ | ||
| Return `.ptr` or null for an array, mitigating the fact we can't use `.ptr` in @safe code. | ||
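Review bot: the summary line "Return `.ptr` or null for an array" does not say when the result is null; state the condition in the doc comment so callers know which arrays yield null rather than `.ptr`.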
Maybe add an explanatory note that `a.ptr` could be an invalid but non-null address if `a` was produced by slicing another array, `a = b[$ .. $]`, so it's clear to readers that this function is doing something that might prevent memory corruption and isn't just jumping through hoops to appease the compiler.
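The case this review comment describes, as an added example that is not code from the pull request or from Phobos; `pointerOrNull` is a hypothetical name and the array contents are constructed:

```d
// Added illustration; `pointerOrNull` is a hypothetical name, not the PR's code.
import std.stdio : writeln;

/// Returns null for an empty slice, otherwise the address of element 0.
T* pointerOrNull(T)(T[] a) @safe pure nothrow @nogc
{
    // `a.ptr` is rejected in @safe code. `&a[0]` is accepted because it is
    // bounds-checked; the length test keeps that check from firing.
    return a.length ? &a[0] : null;
}

void main() // @system by default, so `.ptr` may be read here for comparison
{
    int[] b = [10, 20, 30];   // constructed sample data
    int[] e = b[$ .. $];      // empty slice positioned at the end of `b`

    assert(e.length == 0);
    assert(e.ptr !is null);             // non-null ...
    assert(e.ptr == b.ptr + b.length);  // ... but one past the last element

    assert(pointerOrNull(e) is null);   // the helper never exposes that address
    assert(pointerOrNull(b) is b.ptr);  // non-empty: same address as `.ptr`

    int[] n;                            // null slice
    assert(pointerOrNull(n) is null);

    writeln("all checks passed");
}
```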
std/array.d
| /++ | ||
| Return `.ptr` or `null` for an array `a`, mitigating the fact we can't use `.ptr` in @safe code. | ||
| `a.ptr` could be an invalid but non-null address if `a` was produced as en empty |
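Review bot: typo in the third line of this doc comment, "produced as en empty" should read "produced as an empty". The first line also leaves @safe outside backticks while `.ptr`, `null` and `a` are quoted; quote it the same way.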
No, stable shouldn't get new features. I'm OK with this addition. Ping @andralex for feedback on adding this one-liner. While it's trivial and easy to do with a
I don't think this is behavior we should encourage. In pretty much all cases, you'd want to avoid
@JackStouffer the impetus for this change was from here: https://forum.dlang.org/post/lqvihadaufwivbiigtqv@forum.dlang.org In any case, I'm also fine rejecting this, but it's at least correctly
Even in non-safe code this is a better way to get the pointer for an array of unknown provenance.
TBH this also seems like a contrived example. How often are C functions which take pointers marked as
It's definitely a contrived example, but any time you want to pass a value by reference, it's going to be a pointer in C. This could be perfectly safe. I've seen many functions that have parameters of "pass in a pointer to X if you want it filled. If you pass in NULL the value is ignored".
BTW, I agree this use is of very limited value. Even though I'm arguing that there are some use cases, and that it is indeed valid
Actually this'll lead to less efficient code compared to this PR (unless -noboundscheck is passed) so the alternative is not so nice
Yes, I know. But it doesn't have to, the compiler could easily elide the bounds check in that expression.
This PR is a strong no from me, but I'll leave it open for a while so everyone can have a say on it. As @schveiguy posted earlier, the idea is to bounds check
We don't need this kind of one-liner catering to rare cases. The code can be inlined as needed.
With a strong "no" from both the big guys, I think we can safely close this. Good news is, it's easy to do something like this in your project if you want it. @WalterBright would it be worth opening a bugzilla request for the bounds check to be elided on
.ptr for a potentially empty slice in @safe code