-dip25 switch: time to make it always on?
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Sat Jul 2 05:00:53 PDT 2016
On 7/2/2016 2:55 AM, Dicebot wrote:
> I have submitted a short summary of that ng.learn thread here :
> https://issues.dlang.org/show_bug.cgi?id=16228
Thanks! I'll fix them.
> My overall opinion of DIP25 is that it must not become part of language
> mainline for two reasons:
>
> 1) Implementation is not sufficiently mature (mostly diagnostics issues)
Of all the reports on it, there's nothing yet that makes it fundamentally wrong.
Just a few garden variety bugs. Furthermore, none of the bugs resulted in any
sort of corruption that was not in the code already without -dip25, i.e. it did
no harm.
> 2) It targets a very niche use case and is too much of a language burden
> on its own - there are no interesting designs one can do with DIP25
> alone to "sell" the feature.
Since 'ref' is a critical feature, 'return ref' is needed to ensure that
functions are not returning references to the stack. It's necessary for the
fundamental 'identity' function to work safely.
You're right that there are no interesting designs that dip25 enables - there
are no designs at all that dip25 enables. But that isn't it's purpose. It's
purpose is to diagnose uses of ref that would cause corruption.
I don't understand why it would be a language burden. The idea behind this
design is to require the user to add as few annotations as possible, and in this
it has been (inadvertently according to deadalnix!) rather successful.
'return ref' is intended to provide safety without turning D into a B+D language.
All it really takes is finding one instance of memory corruption to make it
worthwhile. I've lost many hours of my life searching for the causes of memory
corruption. Recently on Reddit there were several tales of unsafe code costing
corporations huge $$$$ in remedial action and innumerable customers suffered as
malware blasted their systems. A solution is a big deal - even an incomplete
solution is better than no solution. (Even though I fully intend to make D's
solution complete.)
> In my opinion it should sit in a preview state until `return scope` or
> whatever replaces it gets finalized and tested and merged in main
> language simultaneously as parts of same feature.
'return scope' is coming soon. But that's a bigger cognitive leap, and is indeed
a separate problem.
BTW, my work in applying @safe to Phobos modules has uncovered one overflow bug
so far (and fixed). @safe, while incomplete, is far from useless.
As for being in a preview state, this thread amply demonstrates that is
ineffective, as few to nobody even tries it. Maybe it would be more effective
with a larger community.
More information about the Digitalmars-d
mailing list