
std-proposals


Re: [std-proposals] Delete...why not a parameter by reference?!

From: organicoman <organicoman_at_[hidden]>
Date: Sun, 24 Aug 2025 13:53:17 +0100
> You need to explain how your proposal prevents non-trivial UaF that are not already trivially prevented (which literally *every* single one of your examples demonstrates - you cannot involve lexically bound lifetime), how it provides a better solution than simply using smart pointers, if not using smart pointers how you manage lifetime of the storage objects for these references, how it works with references and pointers to subobjects, how it works with pointer parameters without changing the source and compiled ABI.

Ok, let me illustrate with a silly example:

1- Let's take the current state of the 'delete' expression as per the current pre-conditions, i.e., it doesn't take by reference, and it doesn't null its argument. Expl:

----- begin snippet----
{
    T* p = new T;
    Dll_fn_takes_by_Copy(p);
    delete p;
}

/// somewhere in a dll library
void Dll_fn_takes_by_Copy(T* pt)
{
    T* ptr = new T;
    // use ptr, and pt
    delete pt;
}
----- end snippet-----

The dll source is inaccessible to me, or my static analyzer. Can you catch the bug?
I am pretty sure you did.
Instead of deleting 'ptr', the dll deleted 'pt'.
Just one character missed unintentionally. How can I guess what happened in my code?
Especially if the dll documentation says explicitly that they don't delete the passed pointer.
I fall into a double-free bug.

Now take the same example with the proposal, i.e. the delete expression takes a reference argument and nulls it out, plus the guideline: pass by reference.

----- begin snippet----
{
    T* p = new T;
    Dll_fn_takes_by_ref(p);
    if (p) delete p;
}

/// somewhere in a dll library
void Dll_fn_takes_by_ref(T* &pt)
{
    T* ptr = new T;
    // use ptr, and pt
    delete pt;
}
----- end snippet-----

Here, no matter what unintentional error happens in the dll, I can safeguard against it.
Is my example clear?

Received on 2025-08-24 12:53:26
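
Added example, not part of the original message or of the proposal's text: a C++ model of the two snippets above that counts a second release of the same address instead of performing it, so both variants can be compared without undefined behaviour. The names `del_by_value`, `del_and_null`, `lib_by_copy`, `lib_by_ref` and the `live`/`freed` registry are hypothetical; `del_and_null` only emulates the nulling, by-reference delete the message describes.

```cpp
#include <cstdio>
#include <set>

// Constructed model, not real allocator behaviour: released objects are parked
// in 'freed' so a second release can be counted without undefined behaviour.
struct T { int v = 0; };
static std::set<T*> live, freed;
static int double_frees = 0;
T* make() { T* p = new T; live.insert(p); return p; }

// Today's semantics: operand taken by value, caller's pointer left unchanged.
void del_by_value(T* p) {
    if (!p) return;                          // deleting nullptr is a no-op
    if (live.erase(p)) freed.insert(p);
    else ++double_frees;                     // address was already released
}
// Semantics described in the message: operand by reference, nulled afterwards.
void del_and_null(T*& p) { del_by_value(p); p = nullptr; }

// Library stand-ins carrying the message's bug: 'pt' released instead of 'ptr'.
void lib_by_copy(T* pt) { T* ptr = make(); (void)ptr; del_by_value(pt); }
void lib_by_ref(T*& pt) { T* ptr = make(); (void)ptr; del_and_null(pt); }

struct Result { int double_frees; int leaked; bool null_after_call; };
static void reset() {
    for (T* p : live) delete p;
    for (T* p : freed) delete p;
    live.clear(); freed.clear(); double_frees = 0;
}

Result run_by_copy() {
    reset();
    T* p = make();
    lib_by_copy(p);
    bool was_null = (p == nullptr);          // false: caller cannot tell
    del_by_value(p);                         // caller's own delete
    return {double_frees, (int)live.size(), was_null};
}
Result run_by_ref() {
    reset();
    T* p = make();
    lib_by_ref(p);
    bool was_null = (p == nullptr);          // true: callee's delete is visible
    if (p) del_and_null(p);                  // guard skips the second release
    return {double_frees, (int)live.size(), was_null};
}
int main() {
    Result a = run_by_copy(), b = run_by_ref();
    std::printf("by copy: %d double free(s); by ref: %d\n", a.double_frees, b.double_frees);
}
```

In both runs `leaked` is 1, because the library's local `ptr` is never released in either variant.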