It seems like a lot of people new to Rust get confused by the dual-use meanings of the “unsafe” keyword:
- Declaring that a Trait or Function has an unsafe contract that must be upheld to implement/call it
- Declaring that contracts have been upheld
For example, see this person’s confusion in this post: https://users.rust-lang.org/t/can-we-get-rid-of-the-unsafe-wrapper-of-os-functions/16134
It would perhaps be better if different keyword(s) were used. For example, use “unsafe contract” (or just “unsafe”) for function/trait definitions and “verified contract” (or just “verified”) for “unsafe” blocks and trait impls.
This has been bike-shedded to death I’m sure, but, since it seems to be a significant source of confusion about “unsafety of Rust”, perhaps it is worth another go-round of a discussion in the community and perhaps an RFC? Especially given the new/upcoming 2018 Edition where keyword deprecation could be reasonably accommodated.
Any appetite for that?
NOTE: I first posted this to the General Rust Forum, but it seems more appropriate to the “Internals” Forum: https://users.rust-lang.org/t/ambiguity-of-unsafe-causes-confusions-in-understanding/16135
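
The two roles of `unsafe` that the post distinguishes, shown side by side as an added example (not part of the original post). The names `byte_unchecked`, `byte_checked`, `ZeroValid` and `zeroed` are hypothetical; only the `std` calls are real.

```rust
// Added illustration; all item names here are hypothetical.

/// Role 1 (declaration): `unsafe fn` states a contract the CALLER must uphold.
/// Contract: `idx < data.len()`.
#[allow(unused_unsafe)] // some older compilers flag the inner block as redundant
unsafe fn byte_unchecked(data: &[u8], idx: usize) -> u8 {
    // SAFETY: the caller promised `idx` is in bounds.
    unsafe { *data.get_unchecked(idx) }
}

/// Role 1 (declaration): `unsafe trait` states a contract the IMPLEMENTOR must uphold.
/// Contract: the all-zero bit pattern is a valid value of `Self`.
unsafe trait ZeroValid {}

// Role 2 (assertion): `unsafe impl` claims the trait contract holds for `u32`.
unsafe impl ZeroValid for u32 {}

/// Safe API: the trait bound carries the implementor's promise to this call site.
fn zeroed<T: ZeroValid>() -> T {
    // Role 2 (assertion). SAFETY: `T: ZeroValid` guarantees all-zero bytes are a valid `T`.
    unsafe { std::mem::zeroed() }
}

/// Safe API: establishes the contract with a bounds check, then asserts it.
fn byte_checked(data: &[u8], idx: usize) -> Option<u8> {
    if idx < data.len() {
        // Role 2 (assertion). SAFETY: `idx < data.len()` was checked just above.
        Some(unsafe { byte_unchecked(data, idx) })
    } else {
        None
    }
}

fn main() {
    let data = [10u8, 20, 30]; // constructed sample input
    println!(
        "{:?} {:?} {}",
        byte_checked(&data, 1),
        byte_checked(&data, 3),
        zeroed::<u32>()
    );
}
```

The same keyword appears on five lines here: two declare an obligation for someone else, and three claim that an obligation has been met.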