On 8/14/2011 12:44 PM, Andrei Alexandrescu wrote:
> On 8/14/11 10:28 AM, dsimcha wrote:
>> I think this is an absolutely terrible idea, unless it has an "I know
>> what I'm doing, let me cast away the safety" loophole.
>
> I'm weary of absolute qualifications, particularly after arguments have
> been made in favor of the idea that are not refuted.

What do you mean "absolute qualifications"?


>> Consider the case of designing a D wrapper for C functionality.
>>
>> // C, we know it doesn't escape its parameters but the compiler doesn't.
>> void cFun(int* a, int* b);
>>
>> // D:
>> void dWrapper(ref int a, ref int b) {
>>     cFun(&a, &b);
>> }
>
> I understand. Probably it's fine to require an explicit cast for taking
> the address. Offhand, I don't see this as a frequent situation, or one
> that would make pass-by-pointer unpalatable.

Pass-by-

>> If you want the compiler to put extra restrictions on you in the name of
>> safety, that's what SafeD is for. If you're writing an @system function,
>> then the compiler should stay out of your way and let you do what you
>> want, unless it can **prove** that it's wrong.
>
> The problem is, currently all functions that pass locals by ref cannot
> be proven safe modularly.

Right, but they can be proven safe if they pass locals by ref **to @safe functions**. I don't think there's any disagreement that @safe functions shouldn't be allowed to take the address of locals or parameters.

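
Added example, not part of the original message or of any poster's code: a D sketch of the distinction the thread argues over, showing a local passed by ref to a @system callee that keeps its address versus a @safe callee that cannot. All names here (leaked, escapes, bump, passToSafe, passToSystem) are hypothetical.

```d
import std.stdio : writeln;

int* leaked; // module-level pointer; it can outlive any single call

// @system: free to take the address of a ref parameter and keep it.
// Nothing in the signature tells the caller that this happens.
void escapes(ref int a) @system
{
    leaked = &a;
}

// @safe: the compiler rejects storing the parameter's address, so the
// signature alone tells the caller the reference does not escape.
void bump(ref int a) @safe
{
    a += 1;
    // leaked = &a; // rejected by the compiler in @safe code
}

// Local passed by ref to a @safe callee: checkable from the signature.
int passToSafe() @safe
{
    int local = 41;
    bump(local);
    return local;
}

// Local passed by ref to a @system callee: `leaked` now points into this
// frame, which no longer exists once the function returns.
void passToSystem() @system
{
    int local = 41;
    escapes(local);
}

void main()
{
    assert(passToSafe() == 42);
    passToSystem();
    assert(leaked !is null); // dangling pointer: must not be dereferenced
    writeln("leaked points into a dead stack frame: ", leaked);
}
```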