ref parameters: there is no escape
dsimcha
dsimcha at yahoo.com
Sun Aug 14 10:39:38 PDT 2011
On 8/14/2011 1:05 PM, Andrei Alexandrescu wrote:
>> Pass-by-pointer is really, really ugly when used in high-level D-style
>> code, and exposes the implementation detail that the D wrapper is using
>> C code. By explicit cast, do you mean one in dWrapper() that's
>> encapsulated and invisible to the caller?
>
> Yah, dWrapper would become:
>
> void dWrapper(ref int a, ref int b) {
> cFun(cast(int*) &a, cast(int*) &b);
> }
>
> If the casts are missing, the compiler's error message could clarify
> under what assumptions they might be inserted.
Ok, IIUC we might have found some common ground here. Is the idea that,
if you insert the cast, then it's an unsafe cast and you're free to take
the address of a ref parameter, period? I think this is a reasonable
compromise:
1. There's enormous precedent for the idea that casts are for things
you **probably** shouldn't be doing but may occasionally have a good
reason to do.
2. It's greppable, unlike the status quo, where there's no easy way to
search for possible escaping of addresses of ref parameters.
3. It solves the encapsulation problem mentioned in my previous post.
4. It can be disallowed in SafeD as an unsafe cast.
5. If you allow taking the address of ref parameters without a cast as
long as the compiler can prove that they don't escape, then performing
this type of cast is a very explicit statement that you **know** the
compiler can't prove that those addresses don't escape and that you take
full responsibility for ensuring they don't.
6. It may eventually lead to a more comprehensive ownership type system
similar to one that's been discussed here before, where there's
ScopedPointers and regular pointers. A ScopedPointer is a super type of
a regular pointer, isn't allowed to escape from where it was created, etc.
Bottom line: I completely agree that escaping addresses of ref
parameters is a terrible design. I'm fine with making constructs that
have the potential to do so more verbose and explicit by requiring
casts. However, I am against disallowing it completely for the
following reasons:
1. The rules against it would have to be conservative, meaning at least
some valid designs are tossed out as well. This is completely
unacceptable in a systems language.
2. I'm not convinced that escaping addresses of ref parameters is at
all easy to do by accident.
3. In a systems language the compiler should **never** go out of its
way to completely disallow a design, no matter how bad that design is.
A language is a tool that should do what the user tells it to, not a
nanny that should prevent the user from being naughty. (Though this
does not preclude the compiler making it hard to do bad things **by
accident**.) I don't care if said design is wholeheartedly endorsed by
The Devil himself.
More information about the Digitalmars-d
mailing list