On Thu, Apr 24, 2014 at 7:29 PM, Steve Haflich shaflich@gmail.com wrote:
> Take for example aref, which might be used to extract octets of characters or whatever from a buffer. aref makes no guarantees even in safe code that it will signal bad array bounds.
I've long thought that was an oversight, though now that you point it out, I realize I must have been mistaken.
Still, it surprises me. I don't know of any implementation that doesn't bounds-check aref under normal speed/safety settings, and clearly, users expect them to do so. It seems a little pedantic to insist that the _language_ isn't safe in this respect even when all known implementations are. (Am I wrong about that?)
And for the record I disagree with the committee's decision. Bounds checking aref etc. _should_ be required at safety 3 (and along with that, there should be a standardized bounds-error condition type). The reasoning behind the committee's choice here eludes me.
-- Scott
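Since the standard gives no guarantee that aref signals on a bad index and defines no bounds-error condition type, the defensive pattern is to check the index explicitly with array-in-bounds-p and signal a condition of one's own. The example below is added here and is not code from either poster; the names buffer-bounds-error and checked-octet, and the sample buffer, are constructed for illustration.

```lisp
;; Added example (not from the thread): an explicit bounds check for octet
;; buffers, so that an out-of-range access signals a defined condition
;; regardless of the implementation's SAFETY policy for AREF.
(define-condition buffer-bounds-error (error)
  ((index :initarg :index :reader buffer-bounds-error-index)
   (size  :initarg :size  :reader buffer-bounds-error-size))
  (:report (lambda (c stream)
             (format stream "index ~D out of bounds for buffer of size ~D"
                     (buffer-bounds-error-index c)
                     (buffer-bounds-error-size c)))))

(defun checked-octet (buffer index)
  "Return the octet at INDEX in BUFFER, or signal BUFFER-BOUNDS-ERROR.
ARRAY-IN-BOUNDS-P is a portable check that does not depend on the
SAFETY optimization quality, unlike the bounds checking of AREF itself."
  (unless (array-in-bounds-p buffer index)
    (error 'buffer-bounds-error :index index :size (length buffer)))
  (aref buffer index))

;; Constructed sample input: a 4-octet buffer.
(defparameter *buf*
  (make-array 4 :element-type '(unsigned-byte 8)
                :initial-contents '(#xDE #xAD #xBE #xEF)))

(defun demo ()
  "Read the last valid octet, then catch the condition for one past the end."
  (list (checked-octet *buf* 3)
        (handler-case (checked-octet *buf* 4)
          (buffer-bounds-error (c)
            (buffer-bounds-error-index c)))))

;; (demo) returns (239 4): the valid read and the offending index
;; reported by the handler, with no reliance on implementation behaviour.
```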