Discussion Thread: DIP 1035--@system Variables--Community Review Round 2

Steven Schveighoffer schveiguy at gmail.com
Sat Feb 27 23:07:48 UTC 2021


On 2/27/21 4:13 PM, Paul Backus wrote:
> I understand from previous discussions that you have some less-rigorous 
> ideas about what is "useful to programmers" and what is not, but I think 
> this is an occasion where rigor is warranted.

This is going quite off topic, but I wanted to say this is absolutely 
not the driver for my point of view. It is not a matter of rigor but a 
matter of what are the expectations of what @safe should imply.

My point of view is that if the semantic meaning of a @safe union 
between an int and a pointer currently is that the pointer isn't usable 
even in @trusted code (even though the compiler doesn't prevent you from 
doing it), then this is going to violate the expectations of the 
programmer (why would he write a union, when you can only use one of the 
members?).

We should not only focus our concept of @safe on proving the memory 
safety of the rules we come up with, but on coming up with rules that 
make sense in the context of utility to the programmer. We can make up 
whatever rules we want, and based on those rules, we can prove safety, 
but if the result is "you can do this, but it NEVER is usable", I think 
we can do better.

-Steve
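The use case the message argues about, written out as an added D example (not code from the thread, the DIP, or the D compiler): an int/pointer union whose pointer member is reached only through a tag-checked @trusted accessor, so @safe callers get a usable type rather than a member they can never touch. The type and member names (IntOrPtr, Tag, asInt, asPtr) are assumed for the illustration.

```d
// Constructed example: a tagged wrapper around a union that overlaps an int
// with a pointer. @safe code may read the int member freely, but the compiler
// rejects reading the pointer member in @safe code because it overlaps with
// non-pointer data; the one read of `p` lives in a @trusted accessor whose
// justification is the tag check.
struct IntOrPtr
{
    enum Tag { integer, pointer }
    Tag tag;

    private union
    {
        int i;
        int* p;
    }

    this(int v) @safe { tag = Tag.integer; i = v; }

    // Storing the pointer also touches the overlapped member, so it is done
    // here and marked @trusted; the tag is set in the same step so that no
    // other code path can leave a pointer in `p` with the wrong tag.
    this(int* v) @trusted { tag = Tag.pointer; p = v; }

    // Reading an int that overlaps a pointer is memory safe, so this is @safe;
    // the tag check only guards against returning garbage.
    int asInt() @safe
    {
        assert(tag == Tag.integer, "not holding an int");
        return i;
    }

    // The only read of the overlapped pointer. It is trusted because the tag
    // is set exactly where a pointer is stored, so when the check passes the
    // bits in `p` are a pointer written by @safe-callable code.
    int* asPtr() @trusted
    {
        assert(tag == Tag.pointer, "not holding a pointer");
        return p;
    }
}

void use() @safe
{
    auto heap = new int;          // GC-allocated, so safe to point at
    *heap = 7;
    auto a = IntOrPtr(3);
    auto b = IntOrPtr(heap);
    assert(a.asInt() == 3);
    assert(*b.asPtr() == 7);
    // a.asPtr() would fail the tag assertion instead of yielding an int as a pointer.
}
```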

