ref is unsafe

[deadalnix]

On Thursday, 3 January 2013 at 22:50:38 UTC, Rob T wrote:
> The problem with that idea, is that a ref return with no 
> arguments may call another ref return that returns something 
> that escapes the scope it was created in. If the source code is 
> not available, then there's no way for the compiler to 
> determine that this is going on.
>

You can't return a scope ref in @safe code, so that is not an 
issue.

> I would suggest to disallow all ref returns that make use of a 
> ref return function call *unless* the code portion is marked as 
> @trusted, and to to that requires following the ideas presented 
> for changing how @trusted should be implemented, ie allowing 
> selected portions of otherwise unsafe code to be marked as 
> trusted by a programmer who has verified the use of the code to 
> be safe given the context.
>
>> The scope attribute, once properly implemented, would make 
>> sure that the reference is not escaped. For now, we could just 
>> make it behave overly conservative in @safe code.
>>
>> David
>
> My understanding was that in some cases that source code is not 
> available to the compiler, which I would think means that 
> preventing scope escaping cannot be 100% guaranteed, correct?
>

This is why the scope qualifier exists.