[wgd]

Jokes aside the compiler-checked acknowledgements are kind of clever. The example in the docs is deliberately confrontational, but there's a kernel of a neat idea there. Imagine needing to write:

  // I acknowledge that the internal structure of this data is subject to change without notice
  x = foo.state

Or perhaps:

  // I acknowledge that this data is a complicated graph of pointers and is easy to break in subtle ways
  foo.xyz[0].bar[1] = &foo.asdf[3]

Or perhaps:

  // I acknowledge that this data is heavily cached and I need to call rebuild() before changes take effect
  x.something = "Hello"
  x.rebuild()

[chrismorgan]

Ah, fond recollections of a decade ago in <https://sourceforge.net/p/portableapps/launcher/ci/default/t...>:

    ; We had fun deciding on these.
    ReadEnvStr $1 IPromiseNotToComplainWhenPortableAppsDontWorkRightInProgramFiles
    ${If} $1 S== "I understand that this may not work and that I can not ask for help with any of my apps when operating in this fashion."
        ${DebugMsg} "You're making me sad by the way you voided your warranty, running in Program Files."
    ${Else}
        ; This string doesn't let on about the disable switch (by design)
        MessageBox MB_OK|MB_ICONSTOP `$(LauncherProgramFiles)`
        Quit
    ${EndIf}

I’ve done one or two other extremely verbose environment variable names and values or function names, but this is the only one that’s springing to mind right now.

Not sure quite why we decided to allow it at all there, but I suspect I just had too much fun with it. Not sure why it ended up spelled “can not” instead of “cannot”, either.

(If you’re wondering about ${…} on If/Else/EndIf, that’s because NSIS is basically an assembly language and has only jumps for control flow; LogicLib.nsh provides nice control flow constructs via defines and macros, abstracting the automatic creation of labels and the right jumps so that that `${If} $1 S== "…"` compiles to `StrCmpS $1 "…" 0 ‹auto-else-label›`, `${Else}` to `Goto ‹auto-endif-label›; ‹auto-else-label›:`, and ${EndIf} to `‹auto-endif-label›:`.)

[miamibougie]

Wouldn't these use-cases be better solved by public accessor methods though? I really liked the idea at first blush too, but the more I thought about it, the more I came around to the fact that it's ultimately the class maintainer's responsibility to ensure that the directives in those comments are followed safely. In cases like your first example, it's dangerous not just for the x reference of foo.state, but also any other concurrent references to the object, to perform modifications at all.

Maybe a read-only version, so you can grep state at a point in time?

[wgd]

> it's ultimately the class maintainer's responsibility

It's ultimately the responsibility of the programmer who's building a tool/product/etc, because everything is ultimately their responsibility.

As programmers we ~always have the nuclear option available to us of forking the code and implementing all the necessary accessors ourselves, but sometimes that's really just a bunch of pointless busywork and there's no reason we should have to put up with it in those cases.

This can be a contentious subject because there's a lot of nuance and the right answer is often context-dependent. But I personally think that the Java style of "we must absolutely protect the library user from themselves and childproof everything" is waaaay too far in the wrong direction.

I would much rather that a language have mechanisms to clearly communicate "don't touch this unless you have a good reason, but if you need to here's how" rather than saying in effect "you, the person using this library, are dumb and need to be prevented from messing with the library maintainer's perfect vision".

And so I think the "required acknowledgement" thing has the glimmer of a really neat innovation in it (although if I were to copy the idea for a language of my own I would probably make it obligatory, such that every struct allows breakglass access to private fields with a default acknowledgement, and all the library author can do is change the acknowledgement text).

[to11mtm]

> This can be a contentious subject because there's a lot of nuance and the right answer is often context-dependent. But I personally think that the Java style of "we must absolutely protect the library user from themselves and childproof everything" is waaaay too far in the wrong direction.

I tend to agree with this sentiment; especially when the 'child-proofing' means to do the thing right with the library/api in question is more work than just rolling your own.

> I would much rather that a language have mechanisms to clearly communicate "don't touch this unless you have a good reason, but if you need to here's how" rather than saying in effect "you, the person using this library, are dumb and need to be prevented from messing with the library maintainer's perfect vision".

In some cases I've seen/used the term 'Unsafe'.

C# language-ext uses this for some methods that can return null (as opposed to un-Unsafe-suffixed methods, which will throw on null). I've also used it for some 'low level' methods in libraries, where it is a case of 'you need to read the docs to know how to not turn it into a footgun'.

The problem of course is that in my main language (C#), the word 'unsafe' has other connotations (i.e. pointer arithmetic.)

When I first submitted my PR, there were numerous developers who did not like the term 'Unsafe' for the reasons mentioned above. I asked what it should have been called in that context instead, and floated 'Yolo' as a tongue-in-cheek suggestion.

(That being said, If there -was- a word to use to denote 'with great power comes with great responsibility' people would suggest, I'd love to hear it.)

[ianbutler]

I'd put forth dangerous, which is a synonym to unsafe but not a common keyword.