[Issue 12573] Implicit immutable cast for ref/out argument of pure functions

Mon Apr 14 08:34:00 PDT 2014

https://issues.dlang.org/show_bug.cgi?id=12573

Steven Schveighoffer <schveiguy at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |schveiguy at yahoo.com

--- Comment #1 from Steven Schveighoffer <schveiguy at yahoo.com> ---
I think it is dangerous to allow this. Allowing the implicit casting of a
return is OK, since you cannot modify the return via the mutable reference, but
allowing arbitrary assignment inside the function allows modifying the mutable
reference, breaking immutability.

If we consider the trivial case:

string foo2(in string s, ref string sout) pure nothrow
{
   auto s2 = s.dup;
   sout = s2; // this would potentially be allowed
   auto s3 = sout.idup; // copy the data
   s2[0] = 'a'; // now modified immutable data referenced by sout.
   return sout.idup; // could be changed to return s3?
}

Basically, the compiler can make the legal assumption that since s3 and sout
are immutable, and have not changed, calling idup on sout will reasonably
result in the same value that s3 has. It would be a legal optimization.
However, on return, sout has changed from what s3 contains, so the return value
may not be equivalent to sout.

A return does not have this vulnerability, since the function ends at a return
statement, and the cast is effectively occurring after the return. In fact, you
have no access to the return, so it's not possible to use it in a pure manner
inside the function.

I would recommend not allowing this, unless you could make more restrictive
rules. I'm not sure if it's worth it. May be better to focus on multiple return
values.

--