dip1000 and preview in combine to cause extra safety errors
John Colvin
john.loughran.colvin at gmail.com
Wed Jun 8 15:58:10 UTC 2022
On Wednesday, 8 June 2022 at 15:35:56 UTC, Steven Schveighoffer
wrote:
> On 6/8/22 11:10 AM, Dukc wrote:
>> On Wednesday, 8 June 2022 at 14:52:53 UTC, Steven
>> Schveighoffer wrote:
>>> ```d
>>> string foo(in string s)
>>> {
>>>     return s;
>>> }
>>>
>>> void main()
>>> {
>>>     import std.stdio;
>>>     string[] result;
>>>     foreach(c; "hello")
>>>     {
>>>         result ~= foo([c]);
>>>     }
>>>     writeln(result);
>>> }
>>> ```
>>>
>>> Thoughts?
>>
>> This is simply the result of using `in` wrong. `in` means
>> `const scope`. `scope` (without preceeding `return`) means you
>> won't return a reference to the address to the argument
>> (unless the function can reach it via some other channel).
>> Result: undefined behaviour.
>
> So silently changing behavior to create new dangling pointers
> with a preview switch is ok?
>
> Remember, there is already code that does this. It's not trying
> to be clever via scope, it's not trying to be `@safe`, it's
> expecting that an array literal is allocated on the GC (as has
> always been the case).
>
> -Steve
The preview switch is changing the meaning of `in` which changes
the signature of `foo` (which is then inconsistent with the
implementation), which in turn will affect the call sites. This
seems roughly as expected, no?
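
The signature/implementation mismatch described in this reply, as an added example that is not part of the original message or of any D project code. The names `fooIn`, `fooConst` and `fooChecked` are hypothetical, and the build line `dmd -preview=dip1000 -preview=in app.d` is assumed.

```d
// Constructed example. Assumed build: dmd -preview=dip1000 -preview=in app.d
import std.stdio : writeln;

// As in the thread. Under -preview=in this signature is read as
// `scope const string s`: a promise that `s` does not escape, which the
// body breaks. The function is not @safe, so the promise is not checked.
string fooIn(in string s)
{
    return s;
}

// Signature that matches the body: plain `const` makes no `scope` promise,
// so the call site cannot assume the argument is dead after the call.
string fooConst(const string s)
{
    return s;
}

// Uncomment to have the compiler check the promise: as @safe code under
// -preview=dip1000 -preview=in, returning the scope parameter is rejected.
// @safe string fooChecked(in string s) { return s; }

void main()
{
    string[] result;
    foreach (c; "hello")
    {
        // Each literal has to outlive the call, because fooConst returns it.
        result ~= fooConst([c]);
    }
    writeln(result);
}
```

Auditing a code base before enabling the switch comes down to finding `in` parameters whose functions return or store the argument, which is what marking them `@safe` lets the compiler do.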