ref is unsafe
Maxim Fomin
maxim at maxim-fomin.ru
Wed Jan 2 04:45:32 PST 2013
On Sunday, 30 December 2012 at 08:38:27 UTC, Jonathan M Davis
wrote:
> After some recent discussions relating to auto ref and const
> ref, I have come
> to the conclusion that as it stands, ref is not @safe. It's
> @system.
This is not a surprise; I remember Andrei was talking about it
1.5 years ago.
> And I think that we need to take a serious look at it to see
> what we can do to make
> it @safe. The problem is combining code that takes ref
> parameters with code
> that returns by ref. Take this code for example:
> <skipped>
I have not met any Bugzilla issue or forum thread where someone
has fallen into this double ref trap. The only cases I remember are
discussions that such a problem is possible. Requiring some
new @attribute or new keyword does not really help, because
almost all D language constraints can be avoided by low-level
tricks. Inferring this trap is not always possible, as was
mentioned here, because the compiler does not always have access to
the function definition.
I think it should not be fixed, but probably the compiler may issue
a warning in some circumstances when it can recognize this situation.
By the way, there is another issue with ref -
http://dpaste.dzfl.pl/928767a9 which was discussed several months
ago at minimum. Do you think this should also be fixed?
> But my point is that we currently have a _major_ hole in SafeD
> thanks
> to the combination of ref parameters and ref return types, and
> we need to find
> a solution.
>
> - Jonathan M Davis
>
I don't take D's @safety seriously because it can be easily
hacked.