On Mon, 12 May 2025 at 21:10, Richard (Rikki) Andrew Cattermole via Digitalmars-d <digitalmars-d@puremagic.com> wrote:

On 12/05/2025 10:55 PM, Manu wrote:
> `scope` shouldn't depend on @safe, and Walter above said it depended
> only on -dip1000.
> So, if it only works with @safe, I repeat again; WHY? It's not only
> redundant annotation, but it's also a ticking bomb waiting to explode...
> I already commented on this.

@safe is the static analysis on a function that the compiler guarantees
is memory safe.

`scope` has nothing to do with @safe. I want to prohibit the callee retaining the argument; simple as that.

@trusted is the escape hatch where you have to do something that the
compiler cannot make guarantees for.

This has nothing to do with @safe.

@system has no guarantees associated with it.

All scope says is that this variable will not escape this function.

Exactly. Nothing to do with @safe.

It does not have any kind of ownership properties.

Correct.

It is not redundant information, it does serve an important purpose in
escape analysis.

Incorrect.

When you see no attributes, think unknown escape behavior, it is not
modeled. Not, this doesn't escape, or it escapes into an unknown
location. These are all different things.

Okay, I'll repeat for the 3rd time or so; when `scope` is annotated to an argument, it MUST have effect, otherwise an escape related crash is inevitable that the user intended to prevent, and when they start debugging and trying to track down the issue; they will see the `scope` annotation, assume it's not that, then move on to continue looking in the wrong place for their issue.

`scope` has nothing to do with @safe, and it MUST work in its own right, otherwise the code is lying to the author, and it's an effective liability.