Hi, I'm reading the rustc book right now. But after looking at the rustc book, I'm still confused about the handling of unsafe rust. As described in the book, rustc's main job is to ensure that unsafe rust can only be used in unsafe blocks, and that a warning lint is reported if redundant unsafe blocks are used.
The question is: I still don't understand how unsafe rust operations bypass rust's memory-security guarantees. I do not find that the rustc compiler relaxes borrowing checks for unsafe blocks or unsafe fn. So why does an unsafe operation bypass rustc's memory security check?
One question I'm more interested in is if I overuse an unsafe block of code, as follows:
pub fn grow(&mut self, new_cap: usize) {
unsafe {
let (ptr, &mut len, cap) = self.triple_mut();
let unspilled = !self.spilled();
assert!(new_cap >= len);
if new_cap <= self.inline_size() {
if unspilled {
return;
}
self.data = SmallVecData::from_inline(mem::uninitialized());
ptr::copy_nonoverlapping(ptr, self.data.inline_mut().ptr_mut(), len);
} else if new_cap != cap {
let mut vec = Vec::with_capacity(new_cap);
let new_alloc = vec.as_mut_ptr();
mem::forget(vec);
ptr::copy_nonoverlapping(ptr, new_alloc, len);
self.data = SmallVecData::from_heap(new_alloc, len);
self.capacity = new_cap;
if unspilled {
return;
}
}
deallocate(ptr, cap);
}
}
As you can see, I put a lot of code into an unsafe block that could be executed without the unsafe block. Are there any practical problems with this (performance or security)? In addition to affecting code readability.