dip1000 and preview in combine to cause extra safety errors
Timon Gehr
timon.gehr at gmx.ch
Thu Jun 9 15:23:35 UTC 2022
On 09.06.22 16:46, Dennis wrote:
> On Thursday, 9 June 2022 at 01:18:30 UTC, Steven Schveighoffer wrote:
>> For some reason, while you can't return a pointer to a local, you can
>> return a scope pointer.
>
> A pointer to a local is guaranteed to be a dangling pointer when you
> return it, while a `scope` pointer is not guaranteed to be memory with
> limited lifetime when you return it. `scope` is only a conservative
> compile-time approximation of what's actually happening, which makes it
> susceptible to false positives:
>
> ```D
> int* f(int x) @safe {
> int* p = &x; // p is inferred scope here
> p = new int; // p is no longer pointing to stack memory
> return p; // Error: scope variable `p` may not be returned
> }
> ```
> This function could be permitted as @system or @trusted code.
Sure, and it should be. But the example was this:
```d
int* foo(scope int* s){ return s; }
```
There is no upside to allowing this `scope` annotation.
More information about the Digitalmars-d
mailing list