[Issue 22221] [dip1000] pure function can escape parameters through Exception

Tue Mar 8 20:29:49 UTC 2022

https://issues.dlang.org/show_bug.cgi?id=22221

--- Comment #6 from Dennis <dkorpel at live.nl> ---
(In reply to Atila Neves from comment #5)
> Are you sure about that? I checked out your branch some weeks ago and
> started adding scope to a *lot* of Phobos functions before I gave up.

Did you check out the latest Phobos? As of Dec 24, 2021
(https://github.com/dlang/phobos/pull/8214) the non-unittest build oh Phobos
compiles.

> I don't think we can consider it to be scope in one context but not in the other.

It's not that the language defines a `pure` function to have `scope`
parameters, it's a shortcut. The compiler thinks "`scope` inference failed, but
it's a `pure` function and can't return its parameters, so I'll let you pass
`scope` variables to it anyway". It's similar to pure factory functions
returning a mutable type but still allowing `@safe` conversion to immutable.
That also doesn't mean the language considers `pure` functions to always return
`immutable` data.

> My proposal is that we decide to implicitly add scope to the parameters of
> strongly pure functions.

An attribute should not introduce unrelated restrictions, that makes attribute
inference intractable like I mentioned in my previous reply. How are you
deciding between `pure` and `@safe` when you can only pick one, because `pure`
would invalidate `@safe` and vice versa? 

> The escape hatch would be to add a dummy parameter
> with mutable indirection to make it weakly pure.

How are you going to explain to D users why `enforce` now has an extra `null`
argument? "Okay, so the function would be strongly pure, and we decided that
this makes the parameters scope. Why? Well, because our scope inference is very
weak, so we made this shortcut using pure, which turns out doesn't work, but we
wanted to keep it anyway, so we added this weird language rule so it kind of
works again, but this now requires a `null` parameter here to break the
shortcut".

I think fixing issue 20674 will work out better.

> This is ugly but it's for a niche use-case and other than introducing a
> keyword or some way to mark the function as "pure but don't scope my params"

If you want to mark the function as "pure but don't scope my params", then mark
it `pure` and add `scope` to the parameters.

--