@system blocks and safer @trusted (ST) functions

[jfondren]

On Sunday, 25 July 2021 at 21:26:27 UTC, Bruce Carneal wrote:
> Further posts are welcome but Joe and I are going mostly quiet 
> now, aiming for a concentrated DIP effort very late in the year.

Well, thanks, and good luck. I think if your DIP makes strong 
promises about how it will make the language much safer it is 
currently, that you'll see these same criticisms again about how 
potential safety actually remains the same.

If you make much more restrained claims, that "The name is the 
important change.", then any anticipated inconvenience with the 
rollout will seem to outweigh the benefit.

I recommend this justification for the DIP: what you are doing is 
*rehabilitating @trusted functions*, which are currently (for 
newbies) a bug-filled trap, and (for experts) disused in favor of 
@safe functions containing @trusted blocks. The language 
documentation tells people to use @trusted functions but the 
language in practice doesn't really have them.

That's simultaneously a humble change and one that substantially 
improves the language, vs. alternate proposal like "conform to 
Rust" that would add to D but leave it still having this 
@safe/@trusted/@system framework that doesn't work as intended.

People complain about "half-baked features" and here you would be 
proposing to bake this feature the rest of the way. That's a lot 
easier to support, and a more coherent language is something 
people can think about when they're having to touch a bunch of 
code as a result of the DIP changing the language.