On 04/23/2013 09:51 PM, Steven Schveighoffer wrote:
On Tue, 23 Apr 2013 15:40:35 -0400, Timon Gehr <timon.g...@gmx.ch> wrote:
Safety should be guaranteed in @safe code. There is no point in
conservatively disallowing perfectly fine @system code on the basis of
safety concerns, unless, of course, the type system is advanced enough
to prove safe all relevant use cases.
I agree with this. If @safe code is all that is affected, we will be
well off. We can also disallow known bad cases in non-@safe code.
-Steve
Another possibility I consider fine is to implement what Andrei suggests
and then allow @system code to cast around the conservative escape
checks using something like eg. cast(scope).
struct CodeGen{
struct Label{
CodeGen* outer;
}
Label makeLabel(){ return Label(&this); } // error
}
struct CodeGen{
struct Label{
CodeGen* outer;
}
Label makeLabel(){ return Label(cast(scope)&this); } // ok
}
The best way to fix this would of course be to introduce lifetimes as an
explicit type system feature. (Though if I was allowed to add that kind
of complexity to the type system, I'd do many things very differently.)