DIP1000 finds stack corruption bug in std.socket

Meta jared771 at gmail.com
Wed Mar 20 04:28:18 UTC 2019


On Tuesday, 19 March 2019 at 04:25:30 UTC, Walter Bright wrote:
> https://github.com/dlang/phobos/pull/6919
>
> The function returns a pointer to a local variable. The 
> pre-DIP1000 code circumvented the compiler error message by 
> passing the address through another variable. DIP1000 tracks 
> the lifetimes across assignments, exposing such shenanigans.
>
> These sorts of bugs can be very hard to track down by their 
> effects.

I think we have a ways to go with DIP1000/DIP25, but after 
actually putting them to use I am cautiously optimistic. I was 
expecting it to be a nightmare to annotate my recent pet project, 
but it actually wasn't too bad and only took an evening going 
from 0 to about 85% annotated.

My main concern is that it doesn't seem to do a single thing if 
your functions aren't marked as @safe; from what I can tell, 
`scope`, `return scope`, etc. are entirely ignored without that 
@safe, which can be confusing when you're trying to figure out 
why something isn't working, only to realize you forgot @safe. 
This is also a big plus, of course, and I attribute the relative 
ease of transitioning my codebase to this fact. It definitely 
makes the burden of compliance for large code bases much easier.

Documentation is also a big concern, of course. That and some 
bugs (or perhaps just unsupported use cases - see my other 
thread) are two problems that I expect are just a matter of time 
and a larger number of people using DIP1000/DIP25, finding all 
the corner cases that need to be ironed out.
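The pattern Walter describes (a local's address laundered through a second variable) and the @safe dependence Meta notes, as a constructed D illustration added here; this is not the std.socket code from the pull request, and the function names are invented:

```d
// Build with: dmd -preview=dip1000 -c escape.d
// Constructed example; not the std.socket code from the pull request.
module escape;

// Returning `&local` directly has always been rejected. Routing the address
// through `p` and then `q` used to slip past the check, so the caller
// received a pointer into a dead stack frame. With -preview=dip1000 in @safe
// code, `p` is inferred `scope` because it holds a local's address, the
// assignment `q = p` propagates that, and `return q` is a compile error
// (a "scope variable `q` may not be returned" diagnostic; exact wording
// varies between compiler versions).
@safe int* escapeViaAlias()
{
    int local = 42;
    int* p = &local;
    int* q = p;
    return q;
}

// Meta's observation: the same body without @safe is not checked, even with
// -preview=dip1000, because scope enforcement only applies to @safe code.
int* escapeViaAliasUnchecked()
{
    int local = 42;
    int* p = &local;
    int* q = p;
    return q;
}

// Two forms DIP1000 accepts.
// 1. Return by value: the caller gets a copy, never a stack address.
@safe int byValue()
{
    int local = 42;
    return local;
}

// 2. The caller owns the storage; `return scope` states that the returned
//    pointer lives as long as the argument, not as long as this frame.
@safe int* fillCallerBuffer(return scope int* dst)
{
    *dst = 42;
    return dst;
}

@safe void main()
{
    int storage;
    int* p = fillCallerBuffer(&storage);
    assert(*p == 42 && byValue() == 42);
}
```

Compiling as-is stops at `escapeViaAlias`; remove that function (or its @safe) to see the remaining code build and run.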
