DIP1000 scope inference
Steven Schveighoffer
schveiguy at gmail.com
Wed Oct 26 14:41:55 UTC 2022
On 10/26/22 8:49 AM, Dukc wrote:
> On Wednesday, 26 October 2022 at 08:03:37 UTC, Walter Bright wrote:
>> On 10/24/2022 6:35 PM, Steven Schveighoffer wrote:
>>> In a `@trusted` function today, without dip1000, the above is
>>> perfectly reasonable and not invalid. Will dip1000 make it corrupt
>>> memory?
>>
>> A very good question. Clearly, having code work when it is @safe, but
>> cause memory corruption when it is marked @trusted, is the wrong
>> solution. This should never happen. I'm not sure what the solution
>> should be here.
>
> It's not quite exactly that. The code in question fails with `@safe`.
>
> The problem is that Steven's `@trusted` code not only happens to work,
> but is defined behaviour without dip1000, yet undefined behaviour with
> `-preview=dip1000`.
Yes, maybe. I don't know if it's UB, because I don't know the
rules/philosophy.
>
> My proposal: disable local variable `scope` inference for `@system` and
> `@trusted` code. This has the downside that it's difficult to test
> whether the implementation really turns the inference off. But unless
> we're ready to ditch `scope` inference altogether I can't come up with
> anything better.
This is a possibility. I don't know the consequences of this, especially
for template code.
-Steve
More information about the Digitalmars-d
mailing list