Is @safe still a work-in-progress?

Chris M. chrismohrfeld at comcast.net
Thu Aug 23 23:36:07 UTC 2018 

On Thursday, 23 August 2018 at 15:48:00 UTC, Chris M. wrote:
> On Thursday, 23 August 2018 at 15:14:07 UTC, Steven 
> Schveighoffer wrote:
>> On 8/23/18 9:32 AM, Steven Schveighoffer wrote:
>>> [...]
>>
>> Actually, thinking about this, the shortest lifetime is 
>> dictated by how it is called, so there is no valid way to 
>> determine which one makes sense when compiling the function.
>>
>> In order for this to work, you'd have to attribute it somehow. 
>> I can see that is likely going to be way more cumbersome than 
>> it's worth.
>>
>> If I had to design a specific way to allow the common case to 
>> be easy, but still provide a mechanism for the uncommon cases, 
>> I would say:
>>
>> 1. define a compiler-recognized attribute (e.g. @__sink).
>> 2. If @__sink is applied to any parameter, that is effectively 
>> the return value.
>> 3. In the absence of a @__sink designation on 
>> non-void-returning functions, it applies to the return value.
>> 4. In the absence of a @__sink designation on void returning 
>> functions, it applies to the first parameter.
>> 5. Inference of @__sink happens even on non-templates.
>> 6. If @__sink is attributed on multiple parameters, you assume 
>> all return parameters are assigned to all @__sink parameters 
>> for the purposes of verifying lifetimes are not exceeded.
>>
>> Ugly to specify, but might actually be pretty non-intrusive to 
>> use.
>>
>> -Steve
>
> This is more a general reply to the thread.
>
> If I think I'm getting a good grasp on the issue here, it seems 
> like something Rust already solved with lifetime annotations. 
> Could they or something similar be leveraged for D as well?
>
> https://doc.rust-lang.org/1.9.0/book/lifetimes.html
>
> Current solution just seems too specific and very restrictive.

Heck, now that I'm looking at it, DIP25 seems like a more 
restricted form of Rust's lifetimes. Let me know if I'm just 
completely wrong about this, but

@safe ref int identity(return ref int x) {
     return x; // fine
}

would basically be like (pseudosyntax)

@safe ref'a int identity(ref'a int x) {
     return x; // fine
}

Maybe the more sane thing would be a syntax that visually ties 
them together as above. Obviously we're looking at possibly 
breaking changes, but how widespread would they be?

void betty(ref'a scope int* r, scope'a int* p); // syntax is not 
so nice since I just arbitrarily stuck them on different 
keywords, but that's besides the point here

More information about the Digitalmars-d mailing list