On Sunday, 30 December 2012 at 08:38:27 UTC, Jonathan M Davis
wrote:
> After some recent discussions relating to auto ref and const ref, I
> have come to the conclusion that as it stands, ref is not @safe. It's
> @system.
This is not a surprise; I remember Andrei was talking about it
1.5 years ago.
> And I think that we need to take a serious look at it to see what we
> can do to make it @safe. The problem is combining code that takes ref
> parameters with code that returns by ref. Take this code for example:
> <skipped>
I have not seen any Bugzilla issue or forum thread where someone
has fallen into this double-ref trap. The only cases I remember are
discussions that there is such a possible problem. Requiring some
new @attribute or new keyword does not really help, because
almost all D language constraints can be avoided by low-level
tricks. Inferring this trap is not always possible, as was
mentioned here, because the compiler does not always have access to
the function definition.
I think it should not be fixed, but the compiler could probably
issue a warning in some circumstances when it can recognize this
situation.
By the way, there is another issue with ref -
http://dpaste.dzfl.pl/928767a9 - which was discussed at least
several months ago. Do you think this should also be fixed?
> But my point is that we currently have a _major_ hole in SafeD thanks
> to the combination of ref parameters and ref return types, and we need
> to find a solution.
> - Jonathan M Davis
I don't take D's @safety seriously because it can be easily
hacked.
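For readers who did not see the snippet that was skipped in the quote, here is a reconstruction of the "double ref" hole the thread is about. This is an added example, written by the editor; it is not the code Jonathan posted and not part of the D compiler or its test suite. Function names (`identity`, `escapeLocal`, `clobber`) are my own, and the clobber step is only there so the stale reference becomes visible; what it prints is undefined behaviour and will vary by compiler and platform.

```d
// Added example, not code from the original thread or the D project.
// It shows the "double ref" hole as described above: a @safe function
// that takes a ref parameter and returns it by ref, combined with a
// caller that hands it a local. The compiler only sees identity's
// signature, so it cannot know the returned ref aliases `n`.

import std.stdio;

// On its own this is harmless: hand back the reference we were given.
ref int identity(ref int x) @safe
{
    return x;
}

// Accepted as @safe, yet the returned ref points at a stack slot that
// is gone as soon as this function returns.
ref int escapeLocal() @safe
{
    int n = 42;
    return identity(n);
}

// Overwrite roughly the stack region the dead frame used to occupy.
void clobber() @safe
{
    int[32] filler = 0x7777_7777;
    filler[0] = filler[$ - 1]; // touch it so it is not optimised away
}

void main()
{
    // main is @system only so we can take the address and watch it go
    // stale; the unsound part is that escapeLocal compiles as @safe.
    int* p = &escapeLocal();
    writefln("right after the call: %d", *p);
    clobber();
    writefln("after another frame reused the stack: %d", *p); // undefined
}
```

Neither function is wrong in isolation, which is why a purely local check cannot catch it: the bug only exists at the call site, and the call site only sees `identity`'s signature. Later D releases addressed exactly this with the `return` annotation on ref parameters (DIP25) and scope checking (DIP1000); under those rules `return identity(n)` is rejected rather than compiled.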