Discussion Thread: DIP 1042--ProtoObject--Community Review Round 1

Elronnd elronnd at elronnd.net
Sat Jan 15 12:02:06 UTC 2022

On Saturday, 15 January 2022 at 10:40:29 UTC, Timon Gehr wrote:
> It makes absolutely no sense that a @safe pure function can 
> cast an int* to size_t. It violates the spec of pure functions, 
> because pure functions can create new int* with addresses that 
> depend on global state, so if they can in turn create integers 
> from those, that will produce non-deterministic results.

This is why d needs a provenance model.  I mentioned this before 
in the RC/immut thread, no one seemed to care.  It is not 
sufficient to consider these issues in isolation.  I will add: 
pure does not mean @safe.  The following program prints 17 on my 
computer with a recent dmd, for instance:

pure int f(int *x) {
	return x[1];
int main() {
	import std.stdio;
	int x, y = 17;
	return y;

>> Meh paper over it with implementation-specific hacks.

> You can't, as any `pure` function can just call toHash.

Not sure what you mean.  I propose to pretend to the compiler 
that Object's constructor is pure, even though it is not (it must 
access global state to calculate a hash for the object).

If the issue is that pure functions can call toHash and its 
output is 'non-deterministic' then ... I really don't have any 
more to say.  toHash always returns the same result given the 
same input.

More information about the Digitalmars-d mailing list