Tell us your DIP1000 woes
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Mon Aug 26 08:33:37 UTC 2024
On 26/08/2024 8:17 PM, Walter Bright wrote:
> I found the following inconsistency:
>
> ```
> @safe ref int abc(int i) { return ghi(i); }
> @trusted ref int ghi(ref int r) { return r; }
>
> @safe int* foo(int i) { return bar(&i); } // Error: reference to local variable `i` assigned to non-scope parameter `p` calling `bar`
> @trusted int* bar(int* p) { return p; }
> ```
>
> Compiling with -dip1000 gives the error indicated. Note that it did not
> give an error for the semantically equivalent call to ghi(i).
>
> Possible resolutions:
>
> 1. give an error for both
>
> 2. give no error for both, as @trusted implementations are the user's
> problem
>
> 3. disallow taking the address of a local variable in @safe code
There is a fourth option:
Infer for ``@trusted`` functions, but don't validate.
Support describing the empty escape set separately from wanting it inferred.
If set, trust it, otherwise infer.
Will infer:
```d
@trusted ref int ghi(ref int r) { return r; }
```
Will use annotation:
```d
@trusted ref int ghi(@escapevia(return) ref int r) { return r; }
@trusted ref int ghi(@escapevia() ref int r) { return r; }
```
First and second will error, but third won't.
This appears to be an interaction between DIP1000 and the fact that
``@trusted`` functions have an interface that is required to be
``@safe`` but a body that is not validated.