Would like to see ref and out required for function calls

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Thu Sep 13 08:01:46 PDT 2012


On 9/13/12 10:53 AM, David Piepgrass wrote:
>> Walter and I have discussed this for quite a while. We have recently
>> decided to disallow, at least in SafeD, escaping the address of a ref
>> parameter. In the beginning we'll be overly conservative by
>> disallowing taking the address of a ref altogether. I'll write a DIP
>> on that soon.
>
> Err, wouldn't that break a lot of stuff, a lot of which is actually safe
> code?
>
> void a(ref int x) { b(&x); }
> void b(int* x) { if(x != null) (*x)++; }

Yes. Disallowing taking the address of a local is conservative and would 
disallow a number of valid programs.

Arguably, such programs are in poor style anyway. A good program takes 
pointers only if it needs to keep them around; if all that's needed is 
to use the parameter transitorily or pass it down, ref is best.

> Escaping the addresses of stack variables, not just ref parameters, is a
> general problem in "safe" D. Do you have any ideas about that?

Same thing. By and large safe programs will need to make more use of the 
garbage collector than others. It's the way things work; stack 
allocation can be made safer if we add typed regions, but that's a very 
significant escalation of complication. There is no simple solution to 
this today.


Andrei
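The distinction drawn in the message above, as an added example that is not part of the original post or of the D project's own code: a pointer taken from a ref parameter can outlive the caller's stack frame, while transitory use through ref and longer-lived storage on the garbage-collected heap avoid the problem. The names `saved`, `keep`, `caller`, `increment` and `makeCounter` are hypothetical.

```d
import std.stdio;

int* saved; // hypothetical module-level pointer that outlives any stack frame

// Pattern the proposal targets: the address of a ref parameter escapes the call.
// Marked @system because it takes &x and stores it.
void keep(ref int x) @system
{
    saved = &x; // may point into the caller's stack frame
}

void caller() @system
{
    int local = 1;
    keep(local);
} // once this returns, `saved` refers to a dead stack slot

// Transitory use: ref is enough, no pointer is ever taken.
void increment(ref int x) @safe
{
    x++;
}

// The value must be kept around: allocate it on the GC heap, so the
// pointer stays valid for as long as anything still references it.
int* makeCounter() @safe
{
    auto p = new int;
    *p = 0;
    return p;
}

void main()
{
    // caller() is deliberately not invoked: dereferencing `saved`
    // afterwards would read a stack slot that no longer exists.
    int local = 1;
    increment(local);
    assert(local == 2);

    int* counter = makeCounter();
    (*counter)++;
    assert(*counter == 1);
    writeln(local, " ", *counter);
}
```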

