Half-baked idea: postfix/monadic `unsafe`

scottmcm · May 16, 2019, 7:48pm

Two things come to mind for that:

Because it's affecting a block, not a value. This is the same way that it's async { ... }, not { ... }.async -- it's telling you context you need to understand the block. Similarly, { ... break x ... }.loop would be surprising because there wasn't the signpost warning you that the break was coming the way there is in loop { ... break x ... }. (And though I'm probably not in favour of actually doing this for break, note that loop { ... x.break ... } doesn't have the same "surprise" factor, the same way that async { ... x.await ... } doesn't.)
Because async/await is a delayable effect, but unsafe isn't. With async/await, you can call the function to get the impl Future outside an async block, then later choose whether or not to call .await on it. Similarly, you can get your Result, put it in a Vec, and later decide to ? on it. On the contrary, unsafe needs to be "proven" before the call -- you of course can't call the unsafe function from safe code then later somehow only use the result if it was sound. (const also happens like this, where you can't make something const later; it has to be const from the beginning.)

Topic		Replies	Views
[Pre-RFC] Another take at clarifying `unsafe` semantics	41	4210	March 25, 2019
Suggestion: Target-focused `unsafe` call language design	20	1185	December 30, 2020
What does `unsafe` mean? Unsafe Code Guidelines	66	11019	March 25, 2019
Extremely pre-rfc: postfix keywords for all	36	3740	November 17, 2019
Ability to call unsafe functions without curly brackets	54	2103	January 8, 2024