I would like to separate this discussion of "utmost unsafe" from the original conversation about precondition-unsafety. I think it's a much more marginal feature with much higher implementation requirements, and it's basically taken over the thread. Do you folks mind if I split it into a different thread? Would you like to start that thread, @tera, or should I?
Please do, I don't know how to do that.
Maybe the `unsafe` marker should be put before expressions and statements in the same way as `try` and `await`. This has the benefit of encouraging programmers to put the word `unsafe` as close as possible to the actual uses of unsafe functions, so it's easier to tell which function calls, exactly, need to be audited.

There is some precedent there: My understanding is that Rust allows `unsafe` blocks to be applied at the expression level, so you can say `let y = 1 + unsafe { *ptr };` rather than `unsafe { let y = 1 + *ptr; }`.
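The Rust precedent mentioned in the post above, as an added example that is not part of the original thread: the same raw-pointer read written once with an expression-level `unsafe` (only the dereference is inside the audited region) and once with a statement-level block (the surrounding safe arithmetic gets pulled into it too). The function names `read_at` and `read_at_wide`, the sample slice, and the bounds check are constructed for this illustration.

```rust
// Added example (not from the thread): narrow vs. wide `unsafe` scoping in Rust.
// Rust lets `unsafe` wrap a single expression, so the region an auditor must
// check can be exactly the raw-pointer dereference and nothing else.

/// Reads `data[index]` through a raw pointer and adds one. The bounds check is
/// kept *outside* the unsafe block, so an auditor only has to verify the deref.
fn read_at(data: &[i32], index: usize) -> Option<i32> {
    if index >= data.len() {
        return None;
    }
    let ptr: *const i32 = data.as_ptr();
    // Only the dereference is unsafe; the `1 +` around it is ordinary safe code.
    // SAFETY: `index < data.len()` was checked above, `data` outlives `ptr`,
    // and `ptr.add(index)` stays inside the same allocation as `data`.
    let y = 1 + unsafe { *ptr.add(index) };
    Some(y)
}

/// The same logic with a block-level `unsafe`: equally correct, but the safe
/// arithmetic and the `Some` construction now sit inside the audited region,
/// so a reader has to look at more code to find the one operation that matters.
fn read_at_wide(data: &[i32], index: usize) -> Option<i32> {
    if index >= data.len() {
        return None;
    }
    let ptr: *const i32 = data.as_ptr();
    // SAFETY: same invariants as in `read_at`.
    unsafe {
        let y = 1 + *ptr.add(index);
        Some(y)
    }
}

fn main() {
    // Constructed sample input.
    let data = [10, 20, 30];
    println!("{:?} {:?}", read_at(&data, 1), read_at(&data, 3));
    println!("{:?}", read_at_wide(&data, 2));
}
```

Both functions compile and behave identically; the difference is purely how much code a reviewer must treat as part of the unsafe contract, which is the point the post makes about placing the marker as close as possible to the unsafe operation.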
I tried several times to split a few posts over to a new thread, but I ultimately decided that the conversations were too interwoven for that to work — I would've had to edit posts, which I'm always reluctant to do, and it would have destroyed a lot of useful context. I've therefore just created a new thread to talk about "utmost safe". Please feel free to continue that line of discussion in that thread.