ref is unsafe
Jason House
jason.james.house at gmail.com
Wed Jan 2 15:48:19 PST 2013
On Sunday, 30 December 2012 at 08:38:27 UTC, Jonathan M Davis wrote:
> After some recent discussions relating to auto ref and const ref, I have come
> to the conclusion that as it stands, ref is not @safe. It's @system. And I
> think that we need to take a serious look at it to see what we can do to make
> it @safe. The problem is combining code that takes ref parameters with code
> that returns by ref.

The best solution I can think of is for the @safe code to require
that a ref return value is treated with the same care as all the
function input arguments. I'll try to annotate the example code
you gave to explain.
> Take this code for example:
>
> ref int foo(ref int i)
> {
>     return i;
> }
This function is valid. Ref input arguments can be returned.
>
> ref int bar()
> {
>     int i = 7;
>     return foo(i);
> }
If @safe, this code will not compile.
Error: foo may return a local stack variable
Since "i" is a local variable, "foo(i)" might return it.
>
> ref int baz(int i)
> {
>     return foo(i);
> }
This function is fine. "i" is an input argument so "foo(i)" is
considered to be equivalent to an input argument.
>
> void main()
> {
>     auto a = bar();
>     auto b = baz(5);
> }
Both function calls compile. The variable a could be returned.
I'm not sure if b should be returnable by ref. If "5" is a
manifest constant, it must be an error in @safe code. If it has a
permanent address, it could be returned.
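
The rule proposed in this reply, modelled as a small checker over hand-written descriptions of foo, bar and baz. This is an added example, not part of the original message and not compiler code. The names Func, check_ref_return and strict_value_params are hypothetical, and every callee parameter is assumed to be ref.

```python
# Added sketch, not code from the thread: a toy model of the proposed rule.
from dataclasses import dataclass, field

@dataclass
class Func:
    name: str
    params: dict                       # parameter name -> "ref" or "value"
    ret: tuple                         # ("var", name) or ("call", callee, [args])
    locals_: set = field(default_factory=set)

def check_ref_return(fn, strict_value_params=False):
    """Return None if fn's ref return is accepted, otherwise an error string."""
    def is_frame_local(var):
        if var in fn.locals_:
            return True
        # Option not in the post: a by-value parameter is a copy held in this
        # function's own frame, so strict mode treats it like a local.
        return strict_value_params and fn.params.get(var) == "value"

    if fn.ret[0] == "var":
        var = fn.ret[1]
        if is_frame_local(var):
            return f"Error: {fn.name} returns local stack variable {var}"
        return None
    # ("call", callee, args): the callee's ref result is assumed to alias any
    # argument passed to it (assumption: every callee parameter is ref).
    _, callee, args = fn.ret
    if any(is_frame_local(a) for a in args):
        return f"Error: {callee} may return a local stack variable"
    return None

# The three functions from the quoted example, described by hand (constructed).
FOO = Func("foo", {"i": "ref"}, ("var", "i"))
BAR = Func("bar", {}, ("call", "foo", ["i"]), locals_={"i"})
BAZ = Func("baz", {"i": "value"}, ("call", "foo", ["i"]))

if __name__ == "__main__":
    for f in (FOO, BAR, BAZ):
        print(f.name, "->", check_ref_return(f) or "accepted")
```

With the default setting the checker follows the annotations above: foo and baz are accepted and bar is rejected. Passing strict_value_params=True also rejects baz.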