Tell us your DIP1000 woes
Paul Backus
snarwin at gmail.com
Wed Aug 28 14:48:04 UTC 2024
On Sunday, 25 August 2024 at 13:10:22 UTC, Mike Parker wrote:
> Second, we'd like to get a number of examples of problems
> people have had with using DIP1000 that haven't shown up in
> Bugzilla. Walter wants to be as certain as he can whether such
> issues are fixable or if the design is fundamentally flawed.
Here's an issue that stems from a fundamental shortcoming of
DIP1000's design: you can't write a `@safe` `swap` function.
Consider the following example:
@safe void swap(ref /* ??? */ int* a, ref return scope int*
b);
@safe unittest
{
int local;
static int global;
// Ensure both pointers have identical lexical scopes
static struct Pair { int* a, b; }
auto p1 = Pair(&local, &local);
auto p2 = Pair(&global, &global);
auto p3 = Pair(&local, &global);
auto p4 = Pair(&global, &local);
swap(p1.a, p1.b);
swap(p2.a, p2.b);
static assert(!__traits(compiles, swap(p3.a, p3.b)));
static assert(!__traits(compiles, swap(p4.a, p4.b)));
}
A correct, `@safe` function signature for `swap` should be able
to pass this unit test. However, under the DIP1000 system, there
is no possible combination of attributes for the parameter `a`
that will not cause one of the test cases to fail.
- `ref int* a` causes `swap(p1.a, p1.b)` to fail.
- Both `ref scope int* a` and `ref return scope int* a` cause
`swap(p3.a, p3.b)` to compile when it shouldn't.
More information about the Digitalmars-d
mailing list