Argh, accidentally hit send before I meant to on my last post. Please
ignore.
On 8/14/2011 12:44 PM, Andrei Alexandrescu wrote:
Consider the case
of designing a D wrapper for C functionality.
// C, we know it doesn't escape its parameters but the compiler doesn't.
void cFun(int* a, int* b);
// D:
void dWrapper(ref int a, ref int b) {
cFun(&a, &b);
}
I understand. Probably it's fine to require an explicit cast for taking
the address. Offhand, I don't see this as a frequent situation, or one
that would make pass-by-pointer unpalatable.
Pass-by-pointer is really, really ugly when used in high-level D-style
code, and exposes the implementation detail that the D wrapper is using
C code. By explicit cast, do you mean one in dWrapper() that's
encapsulated and invisible to the caller?
If you want the compiler to put extra restrictions on you in the name of
safety, that's what SafeD is for. If you're writing an @system function,
then the compiler should stay out of your way and let you do what you
want, unless it can **prove** that it's wrong.
The problem is, currently all functions that pass locals by ref cannot
be proven safe modularly.
Right, but they can be proven safe if they pass locals by ref **to @safe
functions**. I don't think there's any disagreement that @safe
functions shouldn't be allowed to take the address of locals or parameters.
