dlang · ntrel · May 4, 2025
@@ -4069,15 +4069,15 @@ $(H3 $(LNAME2 safe-values, Safe Values))
 
         $(P A pointer is a safe value when it is one of:)
         $(OL
-            $(LI `null`)
+            $(LI `null` - $(RELATIVE_LINK2 null-dereferences, see below))
             $(LI it points to a memory object that is live and
             the pointed to value in that memory object is safe.)
         )
         $(P Examples:)
         $(SPEC_RUNNABLE_EXAMPLE_RUN
         ---
-        int* n = null; /* n is safe because dereferencing null is a well-defined
-            crash. */
+        int* n = null; /* n is safe because dereferencing null must either crash
+            or abort. */
         int* x = cast(int*) 0xDEADBEEF; /* x is (most likely) unsafe because it
             is not a valid pointer and cannot be dereferenced. */
 
@@ -4169,6 +4169,22 @@ $(H3 $(LNAME2 safe-values, Safe Values))
             expected by the function.)
         )
 
+$(H3 $(LNAME2 null-dereferences, Null Dereferences))
+
+        $(P When generating `@safe` code, a compliant implementation:)
+
+        - Must not assume that a null dereference will not occur. Optimizations
+          that require that assumption cannot be used for `@safe` functions.
+        - Must generate code that will detect and abort execution:
+          - When a null dereference occurs on systems that by default do not protect
+            access to the first page of memory addresses. (Note that e.g. calling
+            [`mprotect`](https://pubs.opengroup.org/onlinepubs/007904875/functions/mprotect.html)
+            is `@system`).
+          - On all systems when an expression causes a null pointer to be indexed,
+            causing a memory access that is not prevented by the system.
+            $(RED Warning:) $(TT dmd)
+            [has not implemented](https://github.com/dlang/dmd/issues/17776) this yet.
+
 $(H3 $(LNAME2 safe-aliasing, Safe Aliasing))
 
     $(P When one memory location is accessible with two different types, that