ref is unsafe
Rob T
rob at ucora.com
Thu Jan 3 14:50:37 PST 2013
On Thursday, 3 January 2013 at 21:56:22 UTC, David Nadlinger
wrote:
> I must admit that I haven't read the rest of the thread yet,
> but I think the obvious and correct solution is to disallow
> passing locals (including non-ref parameters, which are
> effectively locals in D) as non-scope ref arguments.
The problem with that idea, is that a ref return with no
arguments may call another ref return that returns something that
escapes the scope it was created in. If the source code is not
available, then there's no way for the compiler to determine that
this is going on.
I would suggest to disallow all ref returns that make use of a
ref return function call *unless* the code portion is marked as
@trusted, and to do that requires following the ideas presented
for changing how @trusted should be implemented, i.e. allowing
selected portions of otherwise unsafe code to be marked as
trusted by a programmer who has verified the use of the code to
be safe given the context.
> The scope attribute, once properly implemented, would make sure
> that the reference is not escaped. For now, we could just make
> it behave overly conservative in @safe code.
>
> David
My understanding was that in some cases that source code is not
available to the compiler, which I would think means that
preventing scope escaping cannot be 100% guaranteed, correct?
--rt
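The escaping-ref pattern the thread is arguing about, written out in D as an added example (this is not code from Rob T's post, from David Nadlinger, or from the D compiler sources; the function names `forward`, `escape` and `clobber` are chosen here for illustration). It shows the case Rob describes: a ref-returning function with no arguments that calls another ref-returning function, which hands back a reference to a local that has already died. The 2013-era dmd rejected `return local;` directly but accepted the indirection through `forward`, because nothing in `forward`'s signature says its result aliases its parameter.

```d
import std.stdio : writeln;

// Forwards a reference to its parameter. Without a `return ref` annotation
// (DIP25) the signature says nothing about the result aliasing `x`, so a
// caller compiled against only this prototype cannot tell that the
// reference escapes. Hypothetical helper, named for this example.
ref int forward(ref int x)
{
    return x;
}

// Takes no arguments yet returns a reference into its own stack frame:
// `local` goes into forward() by ref and comes straight back out.
ref int escape()
{
    int local = 42;
    return forward(local); // the reference outlives `local`
}

// Reuses the stack region escape() just released, so a read through the
// dangling reference no longer sees 42.
void clobber()
{
    int[16] junk = 0x7f7f7f7f;
    writeln(junk[0]); // use the array so it is not optimised away
}

void main()
{
    int* p = &escape(); // address of a dead local (only possible in @system code)
    clobber();
    writeln(*p);        // undefined behaviour: whatever now occupies that slot
}

// The check David proposes, as later implemented by DIP25: the parameter
// must be annotated to document the aliasing,
//     ref int forward(return ref int x) { return x; }
// and with that annotation the compiler rejects escape() outright, because
// `forward(local)` now visibly escapes a reference to a local. On dmd
// releases that enable DIP25 by default, the unannotated `forward` above
// is itself an error, so this file only compiles on older compilers.
```

Rob's separate-compilation worry is visible in the shape of this file: if only `forward`'s prototype were available (say from a `.di` interface file), the body of `escape` gives the compiler no basis to reject the call, which is exactly why DIP25 moves the information into the signature rather than relying on seeing the callee's source.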