DIP1000: Scoped Pointers (Discussion)
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Thu Aug 11 14:57:06 PDT 2016
On 8/11/2016 6:36 AM, Marc Schütz wrote:
> 1) `scope` on local variables is unnecessary. Requiring it probably makes the
> implementation easier, but it doesn't need to be specified explicitly because it
> can always be inferred.
Yes, it can be easily inferred from the initializer, and I plan to do it that
way. The 'return' of 'return scope' can also be frequently inferred like it is
for 'return ref'.
> 2) The lifetime algebra contains lots of rules saying "only applicable to
> pointer types". That's an indication that some of the definitions weren't well
> chosen. I believe it is a consequence of all values having a lifetime, even
> though it is defined to be identical to the visibility for non-reference types.
> Adjusting the definitions will probably simplify things. E.g. `lifetime(&e) =
> visibility(e)` instead of `lifetime(&e) = lifetime(e)`
>
> 3) LHS and RHS need to be treated differently, at least for the ternary operator
> (min for RHS, max for LHS); consider
>
> int *a;
> int b;
> int *c;
> int d;
> c = cond ? &b : &d; // ok, rejected because c outlives b
With conditionals, the scope of it is the narrowest scope of each of its leaves.
> (cond ? a : c) = &b; // not ok, accepted even though a outlives b
I had overlooked the lvalue case, but you're right. The rules for it are inevitable.
> An equivalent situation can be crafted by using a function with return scope and
> multiple scope parameters. If the return value is used on the LHS, the max of
> all the involved lifetimes has to be used.
That's right.
> As a consequence, there must be two lifetimes associated with every reference.
> 4) The DIP doesn't address mutable aliasing at all. As a consequence, the
> example `RefCountedSlice` is unsafe:
>
> auto arr = RefCountedSlice!int(10);
> auto ptr = &arr[5];
> arr = RefCountedSlice!int(42);
> *ptr = 1; // use after free
The idea is to have containers return references by 'return ref' or 'return
scope' so the internal references can't escape the expression they're used in.
More information about the Digitalmars-d
mailing list