ref is unsafe

Maxim Fomin maxim at maxim-fomin.ru
Wed Jan 2 04:45:32 PST 2013


On Sunday, 30 December 2012 at 08:38:27 UTC, Jonathan M Davis 
wrote:
> After some recent discussions relating to auto ref and const 
> ref, I have come
> to the conclusion that as it stands, ref is not @safe. It's 
> @system.

This is not a surprise; I remember Andrei was talking about it 
1.5 years ago.

> And I think that we need to take a serious look at it to see 
> what we can do to make
> it @safe. The problem is combining code that takes ref 
> parameters with code
> that returns by ref. Take this code for example:
> <skipped>

I have not met any bugzilla issue or a forum thread where someone 
has fallen into this double ref trap. The only cases I remember are 
discussions that such a problem is possible. Requiring some 
new @attribute or new keyword does not really help, because 
almost all D language constraints can be avoided by low-level 
tricks. Inferring this trap is not always possible, as was 
mentioned here, because the compiler does not always have access to 
the function definition.

I think it should not be fixed, but probably the compiler may issue 
a warning in some circumstances when it can recognize this situation.

By the way, there is another issue with ref - 
http://dpaste.dzfl.pl/928767a9 which was discussed at least several 
months ago. Do you think this should also be fixed?

> But my point is that we currently have a _major_ hole in SafeD 
> thanks
> to the combination of ref parameters and ref return types, and 
> we need to find
> a solution.
>
> - Jonathan M Davis
>

I don't take D's @safety seriously because it can be easily 
hacked.


