The Foreach Restrictions section in the Statements spec says the following:
The aggregate itself must not be resized, reallocated, free'd, reassigned or destructed while foreach is iterating over the elements.
'Must not' sounds like it will generate an error, but the example following this paragraph shows that it is not an error at all. The spec does not explicitly say what will happen if you do. This vaguely implies that it is undefined behaviour, however this note at the end of the section seems to contradict that idea:
Note: Resizing or reassigning a dynamic or associative array during foreach is still @safe.
A function with a safe interface is not allowed to exhibit undefined behaviour, so either this note is trying to convey that this is a hole in @safe (but it doesn't say that), or this is not UB, or it's an otherwise undocumented exception to the safe interface rules. Either way, this section needs to be more explicit about what it is trying to say.
The Foreach Restrictions section in the Statements spec says the following:
'Must not' sounds like it will generate an error, but the example following this paragraph shows that it is not an error at all. The spec does not explicitly say what will happen if you do. This vaguely implies that it is undefined behaviour, however this note at the end of the section seems to contradict that idea:
A function with a safe interface is not allowed to exhibit undefined behaviour, so either this note is trying to convey that this is a hole in
@safe(but it doesn't say that), or this is not UB, or it's an otherwise undocumented exception to the safe interface rules. Either way, this section needs to be more explicit about what it is trying to say.