www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 15932] New: Get rid of the implicit slicing of static arrays


          Issue ID: 15932
           Summary: Get rid of the implicit slicing of static arrays
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: issues.dlang jmdavisProg.com

Short version: Slicing static arrays is unsafe and should not be done
implicitly, because it becomes too easy to miss what's going on and screw it
up. So, we really should remove the implicit slicing of static arrays from the
language (obviously, by deprecating it first, and then actually removing it at
some point in the future).

Long version: Slicing a static array is an inherently unsafe operation. It's
taking the address of a variable (usually, a local variable). Unfortunately,
thanks to issue# 8838, it's consider  safe, whereas taking the address of a
local variable is considered  system (even though they're essentially the same
operation). Once issue# 8838 has been fixed, then any slicing of static arrays
- be it implicit or explicit - will be flagged as  system and therefore will
require  trusted to be considered  safe. However, if  safe isn't being used or
if there are multiple operations within a function which are  system, it's very
easy for a programmer to not realize that a static array is being sliced. And
such a function might be marked as  trusted due to the other  system operations
in the function being fine whereas the implicit slicing is missed.

Being able to slice a static array to get a dynamic array is critical for a lot
of code, but saving the programmer typing those two characters - [] - runs a
high risk of making it non-obvious that the slicing is occurring, and given the
high odds of operating on invalid memory when not being very careful about how
you deal with a slice of a static array, I _really_ don't think that saving
those two characters is worth the risk that it poses. We've made it too easy to
do a very unsafe operation without even noticing that it's happening.

So, I think that we should deprecate the implicit slicing of static arrays and
then later remove it outright. The eventual code breakage might be annoying,
but it'll catch bugs - memory corruption bugs no less - and I think that it
will be very much worth it.

Apr 15 2016