Is @safe still a work-in-progress?

Atila Neves atila.neves at gmail.com
Tue Aug 21 21:17:25 UTC 2018 

On Tuesday, 21 August 2018 at 19:36:39 UTC, Walter Bright wrote:
> On 8/21/2018 7:31 AM, Atila Neves wrote:
>> The problem is that the code we write doesn't deal directly 
>> with pointers - see the recent confusion in this forum over 
>> where `scope` on the left applies to the `this` pointer or the 
>> one returned by the member function.
>
> That's what I was saying :-)
>
> The way to deal with this is make a copy of the code, then 
> rewrite it so it does the exact same thing, but with pointers 
> and refs only. No member functions, no delegates, no dynamic 
> arrays. Then it is MUCH MUCH easier to see where the 
> annotations go.


Well, no. The syntax isn't the same for member functions. The 
examples from the actual DIP don't compile. There it says:

-------
scope can be applied to function return values (even though it is 
not a type qualifier). It must be applied to the left of the 
declaration, in the same way ref is:

scope int* foo();     // applies to return value
--------

Except:

-------
struct MyStruct { scope int* foo() scope; }

foo.d(1): Error: redundant attribute scope
-------

Meaning the first `scope` actually applies to `this`. Writing 
this out as a non-member function won't help me declare member 
functions!

I still don't know how to return a ref/pointer that's scoped. And 
I thought I'd written code that did that. Maybe I did. I'm very 
confused.


> BTW, the annotations do not break things. The worst that will 
> happen is the compiler will complain in @safe code that they 
> are incorrect, and you'll need to fix it or make it @trusted. 
> The compiler is also pretty good about inferring the correct 
> annotations, at least for templates and lambdas, which helps 
> enormously.

In my opinion, the worst that can happen is I successfully 
compile my @safe code with -dip1000 and the resulting binary 
isn't memory-safe, which is what's been happening to me.

> However, dip1000 not working with Phobos is a huge impediment 
> to success, and so pulling 8504 is critical.

I don't have merge rights. I took a look anyway and it mostly 
looks ok, but I'm not familiar enough with that part of the 
codebase.

More information about the Digitalmars-d mailing list