-dip1000 and non-scope variables

12345swordy alexanderheistermann at gmail.com
Thu Feb 18 14:18:07 UTC 2021


On Thursday, 18 February 2021 at 10:05:52 UTC, RazvanN wrote:
> Hello everyone,
>
> I am trying to fix a regression with regards to -dip1000 [1], 
> but I am terribly confused on what the behavior should be. 
> Example:
>
> class MinPointerRecorder
> {
>     int* minPrice;
>     void update(ref int price) @safe
>     {
>         minPrice = &price; /* Should not compile. */
>     }
> }
>
> Compile that code without -dip1000 and you get an error: " 
> Error: cannot take address of local `a` in `@safe` function 
> `test`". Compile with dip1000 and the error goes away. Is 
> DIP1000 supposed to relax conditions for non-scoped 
> pointers/references? I would assume that dip1000 should impose 
> harder restrictions, not relax them. Normally, in @safe code 
> you are not allowed to take the address of a local or a 
> parameter, however, it seems that with -dip1000 that is allowed 
> and the compiler tries to infer `scope`.
>
> What happens in this specific case is that price is inferred to 
> be non-scope and therefore is allowed to be passed to 
> `minPrice` leading to memory corruption (see the bug report).
>
> Does anyone know what exactly is the intended behavior? 
> Unfortunately both the spec and the DIP [2] do not explicitly 
> mention these cases.
>
> Cheers,
> RazvanN
>
>
> [1] https://issues.dlang.org/show_bug.cgi?id=21212
> [2] 
> https://github.com/dlang/DIPs/blob/master/DIPs/other/DIP1000.md

The person that you should be asking this question towards is 
Walter himself. He is the one who is the driving force behind the 
implementation of the dip. We have to stop some of his PR requests 
regarding dip1000 without spec documentation as it is going to 
create some confusion in the future.

-Alex
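
The lifetime problem behind the quoted `MinPointerRecorder` code, as an added example that is not part of either message or of the bug report. `update` is marked `@system` here so the file builds regardless of how a given compiler's `-dip1000` checks treat it; `recordFromStack` and `MinValueRecorder` are hypothetical names introduced for illustration.

```d
import std.stdio : writeln;

class MinPointerRecorder
{
    int* minPrice;

    // Same body as in the quoted post. @system (an assumption of this
    // example) keeps it compiling with or without -dip1000.
    void update(ref int price) @system
    {
        minPrice = &price; // the address of the caller's variable escapes
    }
}

// Hypothetical alternative: store the value, so no pointer into the
// caller's storage is ever kept and @safe holds without `scope` inference.
class MinValueRecorder
{
    int minPrice = int.max;

    void update(int price) @safe pure nothrow @nogc
    {
        if (price < minPrice)
            minPrice = price;
    }
}

// Hypothetical caller: passes a stack local by ref, then returns.
void recordFromStack(MinPointerRecorder r) @system
{
    int price = 42;  // lives in this function's stack frame
    r.update(price); // r.minPrice now points into that frame
}                    // frame is released here; r.minPrice dangles

void main()
{
    auto r = new MinPointerRecorder;
    recordFromStack(r);
    // r.minPrice is non-null but refers to a dead stack slot; reading or
    // writing through it is the memory corruption the post describes.
    writeln("pointer kept after return: ", r.minPrice !is null);

    auto v = new MinValueRecorder;
    v.update(42);
    v.update(17);
    assert(v.minPrice == 17);
    writeln("value recorder minimum: ", v.minPrice);
}
```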

