Feedback Thread: DIP 1035--@system Variables--Final Review

Paul Backus snarwin at gmail.com
Mon Feb 21 20:02:04 UTC 2022


On Saturday, 19 February 2022 at 12:26:26 UTC, Mike Parker wrote:
> This is the feedback thread for the Final Review of DIP 1035, 
> "@system Variables".
[...]
> You can find DIP 1035 here:
>
> https://github.com/dlang/DIPs/blob/4d73e17901a3a620bf59a2a5bfb8c433069c5f52/DIPs/DIP1035.md

In the "Example: `int` as pointer" section, the following sentence appears:

> Because an `int` is a safe type, any `int` value can be created 
> from `@safe` code, so any memory corruption that could follow 
> from escaping a `scope int` could also result from creating the 
> same `int` value without accessing the variable.

This sentence correctly recognizes that (absent incorrect `@trusted` code elsewhere) there is no memory-safety risk in allowing a value without indirections to escape from a function.

It also completely undermines the example's motivation. If there is no benefit to memory-safety from applying `scope` checking to data without indirections, then there is no justification for enabling such checks in all `@safe` code, even if they may occasionally be "desirable" for other, non-memory-safety-related reasons.

Later, in the "Description" section, we find the following sentence:

> The `scope` keyword is not stripped away [from an aggregate 
> with at least one `@system` field], even when the aggregate has 
> no members that contain pointers.

The only justification for this appears to be the example discussed above.

Both this sentence, and the example that attempts to support it, should be removed from the DIP.
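The distinction the post draws, illustrated as an added example (this is not code from the post or from the DIP): under current `-dip1000` checking, `scope` constrains a parameter with an indirection but has nothing to constrain on a plain `int`, and the only route from an integer to memory corruption runs through `@trusted` code, which is outside what `scope` on the integer can protect. The function names and the `@trusted` misuse are hypothetical.

```d
// Added example, not from the original post or the DIP.
// Compile and run with: dmd -dip1000 -run example.d

// `scope` on a type without indirections has nothing to check: the
// value is copied out, and the same value could be written as a literal.
@safe int escapeInt(scope int x)
{
    return x;
}

// `scope` on a pointer parameter is what actually prevents escape.
// Uncommenting the `return p;` line fails to compile under -dip1000
// with "scope variable `p` may not be returned".
@safe int* escapePtr(scope int* p)
{
    // return p;
    return null;
}

// Hypothetical misuse of @trusted: reinterpreting an integer as an
// address. This is where a memory-safety hole would come from, and it
// is equally reachable whether or not the integer escaped a `scope`
// variable, because the caller could have passed any literal.
@trusted int* intAsPointer(int bits)
{
    return cast(int*) cast(size_t) bits;
}

void main() @safe
{
    int v = 42;
    int copy = escapeInt(v);   // fine: no indirection escapes
    int literal = 42;          // the same value, no variable involved
    assert(copy == literal);
    // intAsPointer is never called here; it only shows that the risk
    // lives in the @trusted boundary, not in the escaping `int`.
}
```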

