ref is unsafe
Jonathan M Davis
jmdavisProg at gmx.com
Tue Jan 1 14:36:42 PST 2013
On Monday, December 31, 2012 22:25:52 Mehrdad wrote:
> I don't understand why there is a discussion on trying to
> special-case ref parameters. There's nothing special about ref
> parameters... what's special is ref _returns_.
>
> Therefore all we need to do is disallow ref returns in @safe code.
The problem is ranges. auto ref returns are _very_ common with the front and
back of ranges (especially wrapper ranges). If returning by ref or auto ref
automatically renders code @system, then we just made a _large_ portion of
Phobos @system when most of it is actually perfectly safe.
We _might_ be able to say that a function is @system if it both takes an
argument by ref and returns by ref, but even that is likely to be a problem
unless we can statically prove _in most cases_ that there's no way that the
ref being returned could be to any portion of any of the arguments passed by
ref.
- Jonathan M Davis
More information about the Digitalmars-d
mailing list