Would like to see ref and out required for function calls

David Piepgrass qwertie256 at gmail.com
Thu Sep 13 07:53:55 PDT 2012


> I don't think there would be problems with allowing ref/out 
> optionally at the call site. The thing is, however, that in 
> this matter reasonable people may disagree.
> I'd be unable to identify any pattern in engineers choosing one 
> preference over the other.

Maybe C++ fans prefer pointers or implicit ref, C# fans prefer 
call-site ref?

> Now that the subject has been broken, we do have good evidence 
> of a pattern that generates significant and difficult bugs: 
> escaping the address of a reference. In C++:
>
> struct A {
>     A(int& host) : host_(host) {}
> private:
>     int& host_;
> };
>
> In D:
>
> class A { // or struct
>     this(ref int host) { _host = &host; }
> private:
>     int* _host;
> }
>
> A solution we use for C++ is to require escaped addresses to be 
> always passed as pointers or smart pointers.
>
> Walter and I have discussed this for quite a while. We have 
> recently decided to disallow, at least in SafeD, escaping the 
> address of a ref parameter. In the beginning we'll be overly 
> conservative by disallowing taking the address of a ref 
> altogether. I'll write a DIP on that soon.

Err, wouldn't that break a lot of stuff, a lot of which is 
actually safe code?

void a(ref int x) { b(&x); }
void b(int* x) { if(x != null) (*x)++; }

Escaping the addresses of stack variables, not just ref 
parameters, is a general problem in "safe" D. Do you have any 
ideas about that?
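
The two cases discussed in this message, side by side, as an added D example that is not code from the post or from the D project. `a` and `b` are the functions from the reply; `Holder` and `makeDangling` are hypothetical names, and everything is marked `@system` because the code takes addresses, which the quoted proposal would disallow in SafeD.

```d
import std.stdio;

// Escaping case (the pattern from the quoted message): the address of a
// ref parameter is stored in a field and outlives the constructor call.
struct Holder
{
    int* host;
    this(ref int h) @system { host = &h; }
}

// Non-escaping case (from the reply): the pointer is only used while
// a() is still on the stack, so the referent is alive for every access.
void b(int* x) @system { if (x !is null) (*x)++; }
void a(ref int x) @system { b(&x); }

// The Holder returned here points into this function's stack frame,
// which no longer exists once the function returns.
Holder makeDangling() @system
{
    int local = 42;          // constructed sample value
    return Holder(local);
}

void main()
{
    int n = 1;
    a(n);                    // address of n is taken, used, and dropped
    assert(n == 2);
    writeln("non-escaping use: n = ", n);

    auto h = makeDangling();
    // h.host is dangling. It is printed, never dereferenced: reading
    // through it would be undefined behaviour.
    writeln("escaped address: ", h.host);

    // Same type, same constructor, but the host outlives the Holder,
    // so this use is fine. The signature alone cannot tell the two apart.
    int longLived = 7;       // constructed sample value
    auto ok = Holder(longLived);
    (*ok.host)++;
    assert(longLived == 8);
    writeln("host outlives holder: ", longLived);
}
```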

