On Friday, 27 February 2015 at 02:58:31 UTC, Andrei Alexandrescu wrote:
I'm following with interest the discussion "My Reference Safety System (DIP???)". Right now it looks like a lot of work - a long opener, subsequent refinements, good discussion. It also seems just that - there's work but there's no edge to it yet; right now a DIP along those ideas is more likely to be rejected than approved. But I certainly hope something good will come out of it. What I hope will NOT happen is that people come to me with a mediocre proposal going, "We've put a lot of work into this. Well?"

Can I ask you a general question about safety: If you became convinced that really great safety would *require* more function attributes, what would be the threshold for including them? I'm trying to "go the whole hog" with safety, but I'm paying what seems to me the necessary price -- more parameter attributes. Some of these gains ("out!" parameters, e.g.) seem like they would only apply to very rare code, and yet they *must* be there, in order for functions to "talk" to each other accurately.

Are you interested in accommodating the rare use cases for the sake of robust safety, or do you just want to stop at the very common use cases ("ref returns", e.g.)? "ref returns" will probably cover more than half of all use cases for memory safety. Each smaller category will require additions to what a function signature can contain (starting with expanding `return` to all reference types, e.g.), while covering a smaller number of actual use cases... but on the other hand, it's precisely because they cover fewer use cases that they will appear so much less often.