Is return by ref really @safe?
Michel Fortin
michel.fortin at michelf.com
Wed Mar 10 11:49:40 PST 2010
On 2010-03-10 12:33:22 -0500, Norbert Nemec <Norbert at Nemec-online.de> said:
> bearophile wrote:
>> Michel Fortin:
>>> This compiles, but should it?
>>
>> I think the @safe attribute is not significant here, because that code
>> is wrong, in unsafe code too.
>> I think DMD lets it pass because it's not able to spot the bug. I don't
>> know if and when it will be able to trace such situations, but in the
>> meantime:
>> http://d.puremagic.com/issues/show_bug.cgi?id=3925
>
> I would say the possibility of a bug makes this code unsafe by
> definition. Ref returns must be considered unsafe by default, unless
> the compiler can know for sure that the object will exist beyond the
> lifetime of the function.
Exactly. This means that half of std.range will have to be @trusted for
wrapper ranges like retro.
It also breaks what I think Andrei said once: that 'ref' as implemented
in D is guarantied not to hold dangling references. (But perhaps that's
not what he said, I can't remember exactly.) I hope this is not written
in TDPL.
And thanks for filling the bug report bearophile.
--
Michel Fortin
michel.fortin at michelf.com
http://michelf.com/
More information about the Digitalmars-d
mailing list