@@ -4068,15 +4068,15 @@ $(H3 $(LNAME2 safe-values, Safe Values))
40684068
40694069 $(P A pointer is a safe value when it is one of:)
40704070 $(OL
4071- $(LI `null`)
4071+ $(LI `null` - $(RELATIVE_LINK2 null-dereferences, see below) )
40724072 $(LI it points to a memory object that is live and
40734073 the pointed to value in that memory object is safe.)
40744074 )
40754075 $(P Examples:)
40764076 $(SPEC_RUNNABLE_EXAMPLE_RUN
40774077 ---
4078- int* n = null; /* n is safe because dereferencing null is a well-defined
4079- crash . */
4078+ int* n = null; /* n is safe because dereferencing null must either crash
4079+ or abort . */
40804080 int* x = cast(int*) 0xDEADBEEF; /* x is (most likely) unsafe because it
40814081 is not a valid pointer and cannot be dereferenced. */
40824082
@@ -4168,6 +4168,22 @@ $(H3 $(LNAME2 safe-values, Safe Values))
41684168 expected by the function.)
41694169 )
41704170
4171+ $(H3 $(LNAME2 null-dereferences, Null Dereferences))
4172+
4173+ $(P When generating `@safe` code, a compliant implementation:)
4174+
4175+ - Must not assume that a null dereference will not occur. Optimizations
4176+ that require that assumption cannot be used for `@safe` functions.
4177+ - Must generate code that will detect and abort execution:
4178+ - When a null dereference occurs on systems that by default do not protect
4179+ access to the first page of memory addresses. (Note that e.g. calling
4180+ [`mprotect`](https://pubs.opengroup.org/onlinepubs/007904875/functions/mprotect.html)
4181+ is `@system`).
4182+ - On all systems when an expression causes a null pointer to be indexed,
4183+ causing a memory access that is not prevented by the system.
4184+ $(RED Warning:) $(TT dmd)
4185+ [has not implemented](https://github.com/dlang/dmd/issues/17776) this yet.
4186+
41714187$(H3 $(LNAME2 safe-aliasing, Safe Aliasing))
41724188
41734189 $(P When one memory location is accessible with two different types, that