September 24, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to ag0aep6g | On Tuesday, 24 September 2019 at 13:35:04 UTC, ag0aep6g wrote:
>
> When using a pointer instead of `ref`, the code is rejected as expected even with the more complex body:
>
> ----
> @safe:
>
> int* foo(int* x)
> {
> int* a = x;
> return x;
> }
>
> void main() {
> int* p;
> {
> int x;
> p = foo(&x); /* error here */
> }
> }
> ----
That's a bad comparison. Refs aren't equivalent to unqualified pointers, they're equivalent to a scope pointers. By the way, with the following code:
@safe:
int* foo(scope int* x)
{
int* a = x;
return a; // Compile error: scope variable *a* may not be returned
}
void main() {
int* p;
{
int x;
p = foo(&x);
}
*p = 1; // Memory corruption
}
the compiler correctly identifies that the problem isn't "foo(&x)", but "return a", and gives an appropriate error message.
So the problem isn't a lack of flow analysis or wrong ref semantics, it's that ref isn't implemented the same way as scope.
(Anyone feel like submitting a bug report? I don't have an account)
|
September 24, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Olivier FAURE | On 24.09.19 19:01, Olivier FAURE wrote: > Refs aren't equivalent to unqualified pointers, they're equivalent to a scope pointers. Whether `ref` does or should imply `scope` is topic of the discussion. > By the way, with the following code: > > @safe: > > int* foo(scope int* x) > { > int* a = x; > return a; // Compile error: scope variable *a* may not be returned > } > > void main() { > int* p; > { > int x; > p = foo(&x); > } > *p = 1; // Memory corruption > } > > the compiler correctly identifies that the problem isn't "foo(&x)", but "return a", and gives an appropriate error message. > > So the problem isn't a lack of flow analysis or wrong ref semantics, it's that ref isn't implemented the same way as scope. I think we're almost on the same page now. There are two ways to attack the issue: 1) Make `ref int` more like `scope int*`. I.e., disallow `return a;`. 2) Make `ref int` more like (unqualified) `int*`. I.e., disallow `foo(&x);`. Your vote is for #1. My vote is for #2. But mine is just a preference. I wouldn't fight against #1. |
September 24, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to ag0aep6g | On 24.09.19 19:49, ag0aep6g wrote: > On 24.09.19 19:01, Olivier FAURE wrote: [...] > I think we're almost on the same page now. And now I notice that you're not Sebastiaan Koppe, Olivier. I thought your post was by him. Sorry for the additional confusion. |
September 24, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Olivier FAURE | On Tuesday, 24 September 2019 at 17:01:56 UTC, Olivier FAURE wrote: > That's a bad comparison. Refs aren't equivalent to unqualified pointers, they're equivalent to a scope pointers. Where does it say that? Would be good though. > By the way, with the following code: > > @safe: > > int* foo(scope int* x) > { > int* a = x; > return a; // Compile error: scope variable *a* may not be returned > } > > void main() { > int* p; > { > int x; > p = foo(&x); > } > *p = 1; // Memory corruption > } > > the compiler correctly identifies that the problem isn't "foo(&x)", but "return a", and gives an appropriate error message. That is because scope is inferred on `int* a`. |
September 25, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Mike Franklin | On 9/21/2019 7:29 PM, Mike Franklin wrote:
> Which is it? Where's the bug? Shouldn't the compiler treat `int* i` and `ref i` consistently?
`ref` semantics are set up so a ref cannot escape the function it is passed to, hence there's no error. Pointers have no such restrictions, and so require an extra annotation `scope` to acquire the restriction.
|
September 25, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Mike Franklin | On 9/22/2019 10:01 AM, Mike Franklin wrote:
> I don't know. I think Walter is the only one that can clear this up.
int* foo(scope ref int* p, ref int* q)
{
return p; // error
return q; // ok
}
I.e. with `ref int*` there are two pointers here - the ref pointer and the * pointer. The scope in `scope ref int*` refers to the * pointer, not the ref pointer.
|
September 25, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Olivier FAURE | On 9/23/2019 1:46 AM, Olivier FAURE wrote:
> The following code compiles with -dip1000.
>
> @safe:
>
> int* foo(ref int x)
> {
> int* a = &x;
> return a;
> }
That's a bug. Not sure how I missed that. `a` should be inferred as `scope`.
|
September 25, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On 9/25/2019 10:36 PM, Walter Bright wrote: > That's a bug. Not sure how I missed that. `a` should be inferred as `scope`. https://issues.dlang.org/show_bug.cgi?id=20245 |
September 26, 2019 Re: Understanding DIP 1000 semantics -- Where's the bug? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Thursday, 26 September 2019 at 05:36:39 UTC, Walter Bright wrote:
> On 9/23/2019 1:46 AM, Olivier FAURE wrote:
>> The following code compiles with -dip1000.
>>
>> @safe:
>>
>> int* foo(ref int x)
>> {
>> int* a = &x;
>> return a;
>> }
>
> That's a bug. Not sure how I missed that. `a` should be inferred as `scope`.
That is interesting. Thanks for the clear up.
|
Copyright © 1999-2021 by the D Language Foundation