So I’ve been thinking about how to approach this unsafe code guidelines discussion. I think it’s great that we’re focusing on particular issues on the repo (and I’ve got a bunch of those discussions to catch up on…) but the conversation generally feels a bit “in the weeds” to me right now. Basically I find that I cannot see the forest for all the trees right now. I think we need to spend some time trying to “tile the space” of the “philosophy” that we will use to judge whether code examples / optimizations are to be considered legal.
To that end, I wanted to propose a couple of prongs of investigation:
- First, documenting and proposing higher-level models. For example, I wrote up a K-model (K for “Kind” of issue) describing the Tootsie Pop model and some of its known shortcomings (mostly I just referenced my blog post). I would like to see @arielb1/@ubsan write up a summary of the model that they floated here; I’m also happy to give it a shot, based on my conversations with @arielb1. I have some thoughts about another possible approach that I will try to write up (don’t have a cutesy name for it yet).
- Second, continued exploration of unsafe code patterns that are used in practice, by which I think we will judge models. I created issue #18 to help focus this exploration.
Finally, I think there is some place for discussions of invariants or high-level principles. At the moment though I have to run so I can’t devote a lot of energy trying to figure out a good starting point for that discussion. =) An immediate example that leaps to mind is whether the presence of an `unsafe` keyword can affect whether code is legal, etc. It may be though that it’s more valuable to discuss these in the contexts of the higher-level models.