DIP1000: Scoped Pointers (Discussion)
Marc Schütz via Digitalmars-d
digitalmars-d at puremagic.com
Thu Aug 11 06:36:06 PDT 2016
My comments:
1) `scope` on local variables is unnecessary. Requiring it
probably makes the implementation easier, but it doesn't need to
be specified explicitly because it can always be inferred. It's a
tradeoff: do we want to make it easier for compiler writers to
implement, or do we want to ease the burden for the end users of
the feature?
2) The lifetime algebra contains lots of rules saying "only
applicable to pointer types". That's an indication that some of
the definitions weren't well chosen. I believe it is a
consequence of all values having a lifetime, even though it is
defined to be identical to the visibility for non-reference
types. Adjusting the definitions will probably simplify things.
E.g. `lifetime(&e) = visibility(e)` instead of `lifetime(&e) =
lifetime(e)`
3) LHS and RHS need to be treated differently, at least for the
ternary operator (min for RHS, max for LHS); consider
int *a;
int b;
int *c;
int d;
c = cond ? &b : &d; // ok, rejected because c outlives b
(cond ? a : c) = &b; // not ok, accepted even though a outlives
b
An equivalent situation can be crafted by using a function with
return scope and multiple scope parameters. If the return value
is used on the LHS, the max of all the involved lifetimes has to
be used.
As a consequence, there must be two lifetimes associated with
every reference.
4) The DIP doesn't address mutable aliasing at all. As a
consequence, the example `RefCountedSlice` is unsafe:
auto arr = RefCountedSlice!int(10);
auto ptr = &arr[5];
arr = RefCountedSlice!int(42);
*ptr = 1; // use after free
More information about the Digitalmars-d
mailing list