escaping addresses of ref parameters - not

Denis Koroskin 2korden at gmail.com
Sun Feb 8 22:07:09 PST 2009


On Mon, 09 Feb 2009 06:39:36 +0300, Andrei Alexandrescu <SeeWebsiteForEmail at erdani.org> wrote:

> Hey,
>
>
> I've been doing a hecatomb of coding in D lately, and had an insight  
> that I think is pretty cool. Consider:
>
> struct Widget
> {
>      private Midget * m;
>      ...
>      this(ref Midget mdgt) { m = &mdgt; ... }
> }
>
> It's a rather typical pattern in C++ for forwarding objects that need to  
> store a reference/pointer to their parent and also nicely warn their  
> user that a NULL pointer won't do.
>
> But I'm thinking this is unduly dangerous because the unwitting user can  
> easily get all sorts of wrong code to compile:
>
> Widget makeACoolWidget()
> {
>      Midget coolMidget;
>      return Widget(coolMidget); // works! or...?
> }
>
> The compiler's escape detection mechanism can't help quite a lot here  
> because the escape hatch is rather indirect.
>
> Initially I thought SafeD should prevent such escapes, whereas D allows  
> them. Now I start thinking the pattern above is dangerous enough to be  
> disallowed in all of D. How about this rule?
>
> ***************
> Rule: ref parameters are PASS-DOWN and RETURN only. No escaping of  
> addresses of ref parameters is allowed. If you want to escape the  
> address of a ref parameter, use a pointer in the first place.
> ***************
>
> This rule is powerful and leads to an honest style of programming: if  
> you plan on escaping some thing's address, you make that clear in the  
> public signature. The fix to the idiom above is:
>
> struct Widget
> {
>      private Midget * m;
>      ...
>      this(Midget * mdgt) { enforce(mdgt); m = mdgt; ... }
> }
>
> Widget makeACoolWidget()
> {
>      auto coolMidget = new Midget;
>      return Widget(coolMidget); // works!
> }
>
> Whaddaya think?
>
>
> Andrei

I agree. It also grants safe way to pass temporaries:

int bar(); 

int* gi;
void foo(ref int i)
{    
    gi = &i;
}

foo(bar()); // unsafe




More information about the Digitalmars-d mailing list