Both safe and wrong?

ag0aep6g anonymous at example.com
Fri Feb 8 09:40:09 UTC 2019


On 08.02.19 09:31, Jonathan M Davis wrote:
> Except that there's no such thing as an @safe or @system variable.

Of course there isn't now. The idea is to add that concept to the language.

> You're
> talking about the exact same problem as when you have an @safe function
> which takes a pointer, and you give it a pointer to invalid memory.

In that scenario, you're making the invalid call from @system/@trusted 
code. There you're supposed to watch out for this kind of stuff.

You might argue that globals are located in an @system context, so it's 
okay when they compromise otherwise @safe functions. Then one just has 
to take care when declaring globals, since they're inputs to all @safe 
functions. I guess that's a reasonable position, but I don't think it's 
the most useful one.

Right now, to ensure that a program is actually safe, one has to:

1) Check `main`. I.e., mark it @safe, or verify it manually.
2) Manually verify all @trusted code.
3) Check all static constructors.
4) Check all statically initialized variables that are not in a 
function: module-level variables, class/struct fields, anything else?
5) Account for bugs in @safe and stuff that I'm forgetting here.

Ideally, the list would be as short as possible. So if we can eliminate 
#4, that would be a good thing, in my opinion.


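The situation the checklist above guards against, as an added example in D that is not part of the original post (the module name, the variable names and the buffer sizes are made up for illustration): a global is populated by an @system static constructor and then read by an @safe function that has no way to know the slice it was handed is bogus.

```d
// Added example, not from the original post. Demonstrates why static
// constructors and globals have to be audited: @safe code trusts them.
module safe_globals;

import std.stdio : writeln;

int[4] backing;   // a small static buffer (hypothetical name)
int[] view;       // a slice that @safe code will treat as valid

// A static constructor is @system unless annotated otherwise, so pointer
// slicing compiles here. It hands @safe code a slice that overruns `backing`.
static this()
{
    view = backing.ptr[0 .. 1024];   // out of bounds; only compiles in @system code
}

// The compiler accepts this: indexing and iterating a slice are memory-safe
// operations *if* the slice was built honestly. The global breaks that assumption.
@safe long sumView()
{
    long total = 0;
    foreach (x; view)
        total += x;
    return total;
}

void main()
{
    // Reads far past `backing`. Behaviour is undefined even though every
    // line executed after the static constructor is @safe.
    writeln(sumView());
}
```

Had the constructor been declared `@safe static this()`, the compiler would have rejected the pointer slicing (and the `.ptr` access) outright, which is exactly what checklist item 3 asks the reviewer to confirm by hand. A module-level initializer such as `int[] view = ...;` that produced the same bogus slice without any constructor would be the item 4 case: nothing in the @safe function would look different, so the only place to catch it is at the declaration.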