TRPL states that unsafe occurs in two locations #26345

Closed
Gankra opened this issue Jun 16, 2015 · 3 comments
Contributor

Gankra commented Jun 16, 2015

In the unsafe section:

unsafe is used in two contexts... the first one is to mark a function as unsafe ... The second use of unsafe is an unsafe block

It occurs in 4-5 depending on how you count:

  • unsafe fn
  • unsafe trait
  • unsafe block
  • unsafe impl
  • #[unsafe_no_drop_flag]

In my TURPL draft I currently state the following:

There are several places unsafe can appear in Rust today, which can largely be
grouped into two categories:

  • There are unchecked contracts here. To declare you understand this, I require
    you to write unsafe elsewhere:
    • On functions, unsafe is declaring the function to be unsafe to call. Users
      of the function must check the documentation to determine what this means,
      and then have to write unsafe somewhere to identify that they're aware of
      the danger.
    • On trait declarations, unsafe is declaring that implementing the trait
      is an unsafe operation, as it has contracts that other unsafe code is free to
      trust blindly.
  • I am declaring that I have, to the best of my knowledge, adhered to the
    unchecked contracts:
    • On trait implementations, unsafe is declaring that the contract of the
      unsafe trait has been upheld.
    • On blocks, unsafe is declaring any unsafety from an unsafe
      operation to be handled, and therefore the parent function is safe.

There is also #[unsafe_no_drop_flag], which is a special case that exists for
historical reasons and is in the process of being phased out. See the section on
destructors for details.

@Gankra Gankra added the A-docs label Jun 16, 2015
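
The two categories from the draft above, shown as an added Rust example (not part of the issue, the draft, or TRPL): `unsafe fn` and `unsafe trait` declare unchecked contracts, while `unsafe impl` and `unsafe` blocks assert that those contracts are upheld. The names `Zeroable`, `read_at`, `zeroed_value` and `get_or_zero` are hypothetical.

```rust
// Added illustration; every item name below is hypothetical.

/// Declares a contract (unsafe trait): implementors promise that the
/// all-zero bit pattern is a valid value of the type. Other unsafe code
/// is allowed to trust this blindly.
unsafe trait Zeroable: Copy {}

// Asserts the contract is upheld (unsafe impl): zero is a valid u32 and u8.
unsafe impl Zeroable for u32 {}
unsafe impl Zeroable for u8 {}

/// Declares a contract (unsafe fn): the caller must guarantee
/// `idx < slice.len()`. Nothing in the signature enforces it.
unsafe fn read_at<T: Copy>(slice: &[T], idx: usize) -> T {
    // SAFETY: in bounds by the caller's contract.
    unsafe { *slice.as_ptr().add(idx) }
}

/// Safe function whose soundness rests on the `Zeroable` contract.
fn zeroed_value<T: Zeroable>() -> T {
    // SAFETY: `T: Zeroable` promises all-zero bytes form a valid `T`.
    unsafe { std::mem::zeroed() }
}

/// Safe wrapper: the bounds check discharges `read_at`'s contract, so the
/// unsafe block does not leak unsafety to callers of this function.
fn get_or_zero<T: Zeroable>(slice: &[T], idx: usize) -> T {
    if idx < slice.len() {
        // SAFETY: `idx` was checked against `slice.len()` just above.
        unsafe { read_at(slice, idx) }
    } else {
        zeroed_value()
    }
}

fn main() {
    let data = [7u32, 8, 9];
    println!("{} {}", get_or_zero(&data, 1), get_or_zero(&data, 10));
}
```

Removing the bounds check in `get_or_zero` would still compile, which is why the `unsafe` block is the place a reviewer audits.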
Contributor Author

Gankra commented Jun 16, 2015

Note that Send and Sync are the only two stable unsafe traits, but there are more in the unstable pipeline.

Contributor

arielb1 commented Jun 16, 2015

Is #[unsafe_no_drop_flag] the only unsafe attribute?

Contributor Author

Gankra commented Jun 16, 2015

To my knowledge. We used to have unsafe_drop or whatever but dropck has subsumed it.

steveklabnik added a commit to steveklabnik/rust that referenced this issue Jul 7, 2015
I am not mentioning #[unsafe_drop_flag] because it should go away
eventually, and also because it's just an attribute, it's not
really a use of the `unsafe` keyword.

Fixes rust-lang#26345