On Saturday, 10 November 2018 at 06:56:29 UTC, Neia Neutuladh
wrote:
The following code doesn't work with @safe -dip1000:
int* p;
int i;
p = &i;
i has a shorter lifetime than p, the compiler complains.
But this code does:
int i;
int* p;
p = &i;
The compiler does this even in the absence of scope guards and
destructors because simple, obvious rules will be easier to
understand and implement than nuanced ones, even if it makes
you reorder declarations sometimes.
Is this right?
Yep, you just over-simplified the first case. Consider:
int* p;
{
int i;
p = &i;
}
*p = 42;
or even:
module thing;
int* global;
void foo() {
int i;
global = &i;
}
...much simpler to just go by the lifetime, instead of attempting
to do a complex analysis. Because for the latter, it would then
*need* to be deep to be of any use at all. Especially in a
language that has static ifs:
// parameter is not scope, function is not pure, etc.
void nasty(int* p) { /* ... */ }
void main() {
int *p;
int i;
p = &i;
static if (someCondition) nasty(p);
}
