Discussion Thread: DIP 1042--ProtoObject--Community Review Round 1
Elronnd
elronnd at elronnd.net
Sat Jan 15 12:02:06 UTC 2022
On Saturday, 15 January 2022 at 10:40:29 UTC, Timon Gehr wrote:
> It makes absolutely no sense that a @safe pure function can
> cast an int* to size_t. It violates the spec of pure functions,
> because pure functions can create new int* with addresses that
> depend on global state, so if they can in turn create integers
> from those, that will produce non-deterministic results.
This is why d needs a provenance model. I mentioned this before
in the RC/immut thread, no one seemed to care. It is not
sufficient to consider these issues in isolation. I will add:
pure does not mean @safe. The following program prints 17 on my
computer with a recent dmd, for instance:
pure int f(int *x) {
return x[1];
}
int main() {
import std.stdio;
int x, y = 17;
writeln(f(&x));
return y;
}
>> Meh paper over it with implementation-specific hacks.
> You can't, as any `pure` function can just call toHash.
Not sure what you mean. I propose to pretend to the compiler
that Object's constructor is pure, even though it is not (it must
access global state to calculate a hash for the object).
If the issue is that pure functions can call toHash and its
output is 'non-deterministic' then ... I really don't have any
more to say. toHash always returns the same result given the
same input.
More information about the Digitalmars-d
mailing list