ref is unsafe

Nick Treleaven ntrel-public at yahoo.co.uk
Sun Dec 30 09:32:40 PST 2012


On 30/12/2012 09:17, Jonathan M Davis wrote:
> The problem is the wrapper function.
> You'd also have to disallow functions from returning ref parameters by ref.
> Otherwise,
>
> ref int foo(ref int i)
> {
>      return i;
> }
>
> ref int baz(int i)
> {
>      return foo(i);
> }
>
> continues to cause problems. And making it illegal to return ref parameters by
> ref would be a serious problem for wrapper ranges, because they do that sort
> of thing all the time with front. So, that's not really going to work.

I think the compiler needs to be able to mark foo as a function that 
returns its input reference. Then, any arguments to foo that are locals 
should cause an error at the call site (e.g. in baz). So legal calls to 
foo can always be @safe.

To extend the above code:

ref int quux(ref int i)
{
     return foo(i);
}

Here the compiler already knows that foo returns its input reference. So 
it checks whether foo is being passed a local - no; but it also has to 
check if foo is passed any ref parameters of quux, which it is. The 
compiler now has to mark quux as a function that returns its input 
reference.

Works?


More information about the Digitalmars-d mailing list