On 11/23/2016 3:05 AM, Mathias Lang wrote:
> [...]

It doesn't actually escape on your version, as main() doesn't return a void*. Corrected example:

--------------------
void* abc () @safe
{
    int x;
    void* escape = bar(&x);
    return escape;  // <== correction
}

void* bar (scope void* x) @safe
{
    return fun(&x);  // where the problem lies
}

void* fun (scope void** ptr) @safe
{
    return *ptr;
}
---------------------

Probably the best solution is to not allow taking the address of a scope local. Good catch!

On 11/23/2016 3:08 AM, Mathias Lang wrote:
> If I understand correctly, it's not @safe because it might free a reference
> which is still used elsewhere, making it dangling.

Yes.

> If we have the correct `scope` enforcement though, we can allow it *only at the
> scope which `new`ed it*, because we know it's not possible than any other place
> has a reference to it, as the reference would have to be `scope` as well.
>
> Does that make sense ?

Yes. I'll see if I can make that work tomorrow.

On Tuesday, 22 November 2016 at 14:09:49 UTC, Martin Nowak wrote:
> similarly to how &ary[$] is now possible

Huh? How could this be @safe? Does the resulting pointer somehow become "tainted" to avoid dereferencing it?

https://issues.dlang.org/show_bug.cgi?id=16747

On 11/23/2016 7:32 AM, Marc Schütz wrote:
> On Tuesday, 22 November 2016 at 14:09:49 UTC, Martin Nowak wrote:
>> similarly to how &ary[$] is now possible
>
> Huh? How could this be @safe? Does the resulting pointer somehow become
> "tainted" to avoid dereferencing it?

It's only allowed if it is the operand of a comparison operation.

On 11/22/2016 6:09 AM, Martin Nowak wrote:
> - what about unwanted/incorrect return scope inference
>
> Mixed return branches would conservatively assume a scoped return value?
> Is this a valid use-case? Should at least work with @system code.
>
> int* func()(int* arg, bool allocate)
> {
>     return allocate ? new int : arg;
> }

?: returns the most restrictive scope of any of its operands. This applies equally as well to a function with numerous parameters that are return scope or return ref.


> - what about return ref without scope
>
> Does return ref on parameters makes sense without scope?

Yes, see dip25.

> Can you take the address of an unscoped return ref result?

Taking the address of a ref makes it a scope.

On Saturday, 10 December 2016 at 05:00:42 UTC, Walter Bright wrote:
> On 11/22/2016 6:09 AM, Martin Nowak wrote:
>> - what about unwanted/incorrect return scope inference
>>
>> Mixed return branches would conservatively assume a scoped return value?
>> Is this a valid use-case? Should at least work with @system code.
>>
>> int* func()(int* arg, bool allocate)
>> {
>>     return allocate ? new int : arg;
>> }
>
> ?: returns the most restrictive scope of any of its operands. This applies equally as well to a function with numerous parameters that are return scope or return ref.
>

Not quite: https://issues.dlang.org/show_bug.cgi?id=16037

Also, another reason why tainting the STC of an aggregate is not a good idea:

struct Foo
{
    int* ptr;
}

void main () @safe
{
    Foo f;
    escape1(f);
    assert(*f.ptr == 42);
}

void escape1 (ref Foo f) @safe
{
    int i = 42;
    f.ptr = &i;
}

Moving from https://forum.dlang.org/post/o2llgd$2tuc$1@digitalmars.com

On Monday, 12 December 2016 at 08:01:19 UTC, Walter Bright wrote:
> On 12/11/2016 11:15 PM, Mathias Lang wrote:
>> On Monday, 12 December 2016 at 01:05:20 UTC, Walter Bright wrote:
>>> On 12/10/2016 6:14 AM, Mathias Lang via Dlang-internal wrote:
>>>> Since scope class are not testable, I wouldn't say it's finished.
>>>
>>> Please be more specific.
>>
>> - Due to a regression, we cannot have `scope`-allocated classes in `@safe` code
>> (https://github.com/dlang/dmd/pull/6279).
>
> That's both testable, and has been fixed.

?
The P.R. and bug report are still open. When was it fixed ?

```
T* foo (T) (T* arg)
{
    return arg;
}

int* escape () @safe
{
    int b;
    return foo(&b);
}

void main () @safe
{
    int* ptr = escape();
}
```

Compiles with `./src/dmd -transition=safe -run test.d` @ ac6f655030f814cd352a33b2c9490df16c84459d

On 12/12/2016 11:36 AM, Mathias Lang wrote:
> ```
> T* foo (T) (T* arg)
> {
>     return arg;
> }
>
> int* escape () @safe
> {
>     int b;
>     return foo(&b);
> }
>
> void main () @safe
> {
>     int* ptr = escape();
> }
> ```
>
> Compiles with `./src/dmd -transition=safe -run test.d` @
> ac6f655030f814cd352a33b2c9490df16c84459d
>

Thanks. Will investigate.