Key word for dimensionally unsafe actions #20

Open

paholg opened this issue Nov 1, 2016 · 4 comments
Comments

@paholg
Owner

paholg commented Nov 1, 2016

I would like to ensure that any interface that lets you take actions where units are not checked is clearly labeled.

For example, in v0.5 of dimensioned, there is a map function that lets you apply a function to the underlying value. In the rewrite, I am looking at having two functions, map and map_unsafe. Both do the same thing, but the new map is only defined when dealing with dimensionless quantities so you have no units to mess up.

I would like direct exposure to the underlying value to follow a similar naming convention, but the word "unsafe" has pretty clear memory-safety connotations in the Rust ecosystem and I would like to avoid it.

Thoughts?

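The `map` / `map_unsafe` split described above, as an added example that is not dimensioned's own code: a minimal type-tagged quantity where the checked `map` (and a checked `value()` accessor) exists only for the dimensionless tag, while an unchecked variant is available for every tag. The names `Quantity`, `Meters`, `Dimensionless`, `map_unchecked` and `value_unchecked` are assumptions for this sketch, and the `_unchecked` suffix is a placeholder rather than a resolution of the naming question in this thread.

```rust
use std::marker::PhantomData;
use std::ops::{Add, Div};

/// Marker types for the dimension of a quantity. A real units crate derives
/// these at the type level (e.g. from typenum exponents); two hand-written
/// markers are enough to show why `map` can be restricted to dimensionless values.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Dimensionless;

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Meters;

/// A value tagged with its dimension `D`. The tag has no runtime cost.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Quantity<D> {
    value: f64,
    _dim: PhantomData<D>,
}

impl<D> Quantity<D> {
    pub const fn new(value: f64) -> Self {
        Quantity { value, _dim: PhantomData }
    }

    /// Unchecked map: applies `f` to the raw value and keeps the same
    /// dimension tag. Nothing verifies that `f` preserves the unit, so
    /// `|x| x * x` on metres produces a value that is really m^2 but is
    /// still labelled `Meters`. The suffix is a naming placeholder for
    /// this example (assumption, not the crate's API).
    pub fn map_unchecked<F: FnOnce(f64) -> f64>(self, f: F) -> Self {
        Quantity::new(f(self.value))
    }

    /// Direct exposure of the raw value; the unit information is discarded
    /// and it becomes the caller's job to track it.
    pub fn value_unchecked(self) -> f64 {
        self.value
    }
}

/// Checked operations exist only for dimensionless quantities, where there
/// are no units for `f` to mess up.
impl Quantity<Dimensionless> {
    pub fn map<F: FnOnce(f64) -> f64>(self, f: F) -> Self {
        Quantity::new(f(self.value))
    }

    pub fn value(self) -> f64 {
        self.value
    }
}

/// Adding two quantities of the same dimension is always valid.
impl<D> Add for Quantity<D> {
    type Output = Quantity<D>;
    fn add(self, rhs: Self) -> Self::Output {
        Quantity::new(self.value + rhs.value)
    }
}

/// Metres divided by metres cancel to a dimensionless ratio. In this sketch
/// that is the only route from a `Meters` value to the checked `map`.
impl Div for Quantity<Meters> {
    type Output = Quantity<Dimensionless>;
    fn div(self, rhs: Self) -> Self::Output {
        Quantity::new(self.value / rhs.value)
    }
}

/// Ratio of two lengths, then sqrt of the ratio: every step is checked.
pub fn sqrt_of_length_ratio(a_m: f64, b_m: f64) -> f64 {
    let a = Quantity::<Meters>::new(a_m);
    let b = Quantity::<Meters>::new(b_m);
    (a / b).map(f64::sqrt).value()
}

/// The unchecked path compiles even though the result is mislabelled:
/// squaring a length yields an area, but the tag still says `Meters`.
pub fn mislabelled_square(a_m: f64) -> f64 {
    Quantity::<Meters>::new(a_m)
        .map_unchecked(|x| x * x)
        .value_unchecked()
}

// The checked `map` rejects the same mistake at compile time, because it is
// simply not defined for `Quantity<Meters>`:
//
//     Quantity::<Meters>::new(3.0).map(|x| x * x);
//     // error: no method named `map` found for struct `Quantity<Meters>`

fn main() {
    println!("sqrt(9 m / 1 m) = {}", sqrt_of_length_ratio(9.0, 1.0));
    println!("mislabelled (3 m)^2 = {} \"m\"", mislabelled_square(3.0));
}
```

The point of the split is that the checked path costs nothing and cannot be misused, so callers reach for the suffixed method only when they consciously leave the type system's protection; whatever the suffix ends up being, it is the grep target for reviewing those spots.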
@droundy
Contributor

droundy commented Nov 2, 2016

I can't think of something better than unsafe. I think unsafe is sometimes used in Rust even when memory safety is not at issue (but only correctness). I think that bypassing compile-time guarantees could qualify as unsafe. e.g. interpreting a 32-bit integer as an f32 is unsafe, even though it cannot lead to any memory corruption issues. It's only unsafe because it might give different answers on different architectures. But broadly speaking, dimensioned is preventing precisely the same kind of thing: accidentally treating a value as a different type of value.

@paholg
Owner Author

paholg commented Nov 3, 2016

Unsafe it is!

@paholg paholg closed this as completed Nov 3, 2016
@ExpHP

ExpHP commented Dec 1, 2017

Rust's unsafe keyword is not so much about memory safety as it is about Undefined Behavior, and I feel that this usage of the term cheapens its meaning. I hope you may still consider changing this before an eventual 1.0.

I do not feel there needs to be a single term for this applicable in all contexts; one could call the member value_raw (or to really discourage its use, something unwieldy like internal_value). The phrase "dimensionally unsafe" can be replaced with phrases like "dimensionality is (un-)checked".

Re: integers to floats, f64::to_bits and from_bits (stabilized in 1.20) are unapologetically marked safe. There's a note on the latter that it may or may not mask signalling NaNs... but to my understanding, the question isn't whether or not Rust wants to provide "no signalling NaNs" as a guarantee, but rather, it's because nobody in the community really knows whether LLVM (or other platforms) considers them to invoke UB.

@paholg
Owner Author

paholg commented Dec 1, 2017

Reopening this issue to be considered for the next batch of breaking changes (which will likely be when const generics are a thing).

@paholg paholg reopened this Dec 1, 2017
3 participants