[Dlang-internal] DIP1000 discussion and testing

Mathias Lang via Dlang-internal dlang-internal at puremagic.com
Fri Dec 16 08:43:30 PST 2016 

On Thursday, 15 December 2016 at 20:34:28 UTC, Martin Nowak wrote:
>
> Thanks for all the test cases, it's really the most useful 
> approach to close all escape holes. How about tracking all 
> scope bugs in Bugzilla using "[scope]" in the title and safe as 
> keyword?

IMO bugzilla is a more public setup than this NG is - people not 
familiar with the design of scope, or it's goal, might 
misinterpret it. I also doubt it would scale to more feature 
branches. But I have no strong feeling about it so if it fits 
your workflow better, I'm fine with that.

> If there are still design-concerns/unclarities about 
> (non-)transitivity, we could benefit from a good test case 
> illustrating the problem.

Lack of transitivity is one thing, inability to express something 
more complex than a top level scope is another.

There is no way to have a scope pointer to a scope pointer to an 
non scope pointer.
When it comes to scope, you actually want the inverse effect we 
have for const transitivity: the transitivity should go "up" 
instead of going "down".

If we borrow C's syntax for `const` for a minute, you could have:
- `scope * scope * int*` => scope ptr to scope ptr to non scope 
int ptr
- `scope * scope * scope int*` => scope ptr to scope ptr to scope 
ptr to int
- `      * scope * int*` => non scope ptr to a scope ptr to a non 
scope int ptr

The first 2 examples are valid as long as each "level" has a 
lifetime <= to the previous one. What we absolutely want to 
disallow is the ability to have a pointer to something with `>` 
lifetime.

With our current grammar, if scope was transitive, you could 
express the second example by:
`scope int***` or `scope(scope(scope(int*)*)*)`, or any variation.
However, there would be no ability to express the first, valid 
case.

Obviously we can put a blanket ban on those cases, but to me they 
sound valid.

Now, a more practical issue, once again related to changing the 
STC of some variable mid-way through a function semantic analysis:

```
struct Foo { int* ptr; }

void main () @safe
{
     int* a = escape();
}

int* escape () @safe
{
     int i;
     Foo f;
     scope int** x = &f.ptr;
     f.ptr = &i;

     return bar(x);
}

int* bar ( scope int** ptr ) @safe
{
   return *ptr;
}
```

Compiles with `./src/dmd -transition=safe -dip25 test.d` on 
commit fbbfce8f6e0afb716ec96ba3dc2e82b3536cbaac (with the latest 
2 P.R. merged).

More information about the Dlang-internal mailing list