Discussion Thread: DIP 1035--@system Variables--Final Review
Paul Backus
snarwin at gmail.com
Mon Feb 21 19:49:58 UTC 2022
On Saturday, 19 February 2022 at 12:24:04 UTC, Mike Parker wrote:
> This is the discussion thread for the Final Review of DIP 1035,
> "@system Variables":
>
> https://github.com/dlang/DIPs/blob/4d73e17901a3a620bf59a2a5bfb8c433069c5f52/DIPs/DIP1035.md
In the "Example: `int` as pointer" section, the following
sentence appears:
> Because an `int` is a safe type, any `int` value can be created
> from `@safe` code, so any memory corruption that could follow
> from escaping a `scope int` could also result from creating the
> same `int` value without accessing the variable.
This sentence correctly recognizes that (absent incorrect
`@trusted` code elsewhere) there is no memory-safety risk in
allowing a value without indirections to escape from a function.
It also completely undermines the example's motivation. If there
is no benefit to memory-safety from applying `scope` checking to
data without indirections, then there is no justification for
enabling such checks in all `@safe` code, even if they may
occasionally be "desirable" for other, non-memory-safety-related
reasons.
Later, in the "Description" section, we find the following
sentence:
> The `scope` keyword is not stripped away [from an aggregate
> with at least one `@system` field], even when the aggregate has
> no members that contain pointers.
The only justification for this appears to be the example
discussed above.
Both this sentence, and the example that attempts to support it,
should be removed from the DIP.