Would like to see ref and out required for function calls
David Piepgrass
qwertie256 at gmail.com
Thu Sep 13 07:53:55 PDT 2012
> I don't think there would be problems with allowing ref/out
> optionally at the call site. The thing is, however, that in
> this matter reasonable people may disagree.
> I'd be unable to identify any pattern in engineers choosing one
> preference over the other.
Maybe C++ fans prefer pointers or implicit ref, C# fans prefer
call-site ref?
> Now that the subject has been broken, we do have good evidence
> of a pattern that generates significant and difficult bugs:
> escaping the address of a reference. In C++:
>
> struct A {
> A(int& host) : host_(host) {}
> private:
> int& host_;
> };
>
> In D:
>
> class A { // or struct
> A(ref int host) : _host(&host) {}
> private:
> int* _host;
> }
>
> A solution we use for C++ is to require escaped addresses to be
> always passed as pointers or smart pointers.
>
> Walter and I have discussed this for quite a while. We have
> recently decided to disallow, at least in SafeD, escaping the
> address of a ref parameter. In the beginning we'll be overly
> conservative by disallowing taking the address of a ref
> altogether. I'll write a DIP on that soon.
Err, wouldn't that break a lot of stuff, a lot of which is
actually safe code?
void a(ref int x) { b(&x); }
void b(int* x) { if(x != null) (*x)++; }
Escaping the addresses of stack variables, not just ref
parameters, is a general problem in "safe" D. Do you have any
ideas about that?
More information about the Digitalmars-d
mailing list