@Tobba
Last active August 29, 2015 14:07
  • Start Date: (fill me in with today's date, YYYY-MM-DD)
  • RFC PR: (leave this empty)
  • Rust Issue: (leave this empty)

Summary

Stop marking the entire interior of an unsafe function as unsafe. Unsafe functions would then need small inner unsafe blocks holding only the operations that are actually unsafe.

Motivation

Unsafe blocks should remain minimal in size to ease the manual verification of unsafe code. Marking a function unsafe is done to indicate that it performs unsafe operations on its input or has unsafe side effects. However, currently all unsafe-marked functions implicitly have their entire interior unconditionally marked unsafe. This makes it difficult to verify the parts of the function that are actually unsafe.

Detailed design

Stop marking the interior of an unsafe function as unsafe.
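The following is an added illustration of the Motivation and Detailed design sections above; it is not code from the gist or the RFC author. It assumes a lint named `unsafe_op_in_unsafe_fn`, which later versions of the Rust compiler provide to enforce exactly this behaviour (the RFC text itself does not name any lint). The first function shows the style the RFC objects to, where an unchecked read is indistinguishable from the safe arithmetic around it; the second shows the proposed style, where the body is safe by default and only the one operation needing the caller's guarantee sits in an `unsafe` block.

```rust
/// Current (2015) style: the whole body is an unsafe context, so a reviewer
/// has to inspect every expression, even though only `get_unchecked` can
/// cause undefined behaviour. The `allow` is there only so this file still
/// compiles alongside the proposed style below (assumed lint name).
#[allow(unsafe_op_in_unsafe_fn)]
pub unsafe fn double_unchecked_old(data: &[u32], idx: usize) -> u32 {
    let value = *data.get_unchecked(idx); // the genuinely unsafe operation
    value.wrapping_mul(2)                 // ordinary safe arithmetic
}

/// Proposed style: the function is still `unsafe` to call, because it has a
/// precondition, but its interior is safe by default. Only the unchecked
/// read is wrapped, so the part that needs manual verification is visible.
/// The `deny` attribute makes the compiler reject unwrapped unsafe
/// operations in this body (assumed lint name, see lead-in).
///
/// # Safety
/// `idx` must be less than `data.len()`; the function does not check it.
#[deny(unsafe_op_in_unsafe_fn)]
pub unsafe fn double_unchecked(data: &[u32], idx: usize) -> u32 {
    // Safe preparatory work carries no extra review burden.
    let scaled_idx = idx; // placeholder for real index arithmetic
    // SAFETY: the caller guarantees idx < data.len() (documented above).
    let value = unsafe { *data.get_unchecked(scaled_idx) };
    value.wrapping_mul(2)
}

/// Safe wrapper that establishes the precondition before calling in. This is
/// where the bounds check lives, so callers of this function need no `unsafe`.
pub fn double_checked(data: &[u32], idx: usize) -> Option<u32> {
    if idx < data.len() {
        // SAFETY: bounds were checked on the line above.
        Some(unsafe { double_unchecked(data, idx) })
    } else {
        None
    }
}

fn main() {
    // Constructed sample input.
    let data = [1u32, 2, 3];
    println!("{:?}", double_checked(&data, 1)); // Some(4)
    println!("{:?}", double_checked(&data, 9)); // None
}
```

Deleting the inner `unsafe { ... }` from `double_unchecked` and recompiling shows the effect the RFC asks for: with the lint denied, the unwrapped `get_unchecked` call is reported as an error, whereas `double_unchecked_old` compiles silently because its whole body is an unsafe context.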

Drawbacks

This may result in some syntactic noise in unsafe functions which perform a lot of unsafe operations. This is also not necessarily a bad thing.

Alternatives

None so far.

Unresolved questions

None so far.
