DIP1000: The return of 'Extend Return Scope Semantics'
ag0aep6g
anonymous at example.com
Sat Jun 12 07:33:26 UTC 2021
On 11.06.21 05:12, Walter Bright wrote:
> Hence a simple solution:
>
> Make move() @trusted.
You can't make `move` @trusted.
Consider a simplified `move`:
```d
void move(ref return scope int* source, ref scope int* target) @safe
{
    target = source; /* error */
}
```
An @trusted function must still obey the spec. The spec says that the
value of `source` cannot be assigned to `target`. The compiler assumes
that that holds. If you abuse @trusted to break that assumption,
undefined behavior follows.
For example, you would allow the following:
```d
int* target;
void f() @safe
{
    int local;
    int* source = &local;
    move(source, target); /* uh-oh */
}
```
> Write an @safe alternative to move() with the parameters swapped.
If you could make `move` @trusted, there would be no need for an @safe
alternative. @safe and @trusted are the same from the perspective of the
caller (unless you apply @trusted incorrectly).