dip1000 and preview in combine to cause extra safety errors
Timon Gehr
timon.gehr at gmx.ch
Thu Jun 9 00:38:13 UTC 2022
On 09.06.22 01:19, Walter Bright wrote:
> On 6/8/2022 10:50 AM, John Colvin wrote:
>> The problem is `foo` and whether the compiler should somehow prevent
>> the inconsistency between the signature and implementation. Obviously
>> the answer is “yes, ideally”, but in practice with @safe, @system,
>> dip1000, @live and so on it’s all a mess.
>
> The checks aren't done for @system code. Yes, the compiler believes you
> for @system code. It's the point of @system code.
>
> If foo() is annotated with @safe,
>
> test6.d(5): Deprecation: scope variable `s` may not be returned
>
> The compiler is working as intended, this is not unexpected behavior.
Actually it *is* unexpected behavior.
```d
int* foo()@system{
int x;
return &x; // error
}
int* foo(ref int x)@system{
return &x; // error
}
int* foo(scope int* x)@system{
return x; // ok
}
```
This does not have anything to do with `@safe` by default, it's just an
inconsistency in the compiler implementation.
More information about the Digitalmars-d
mailing list