Hi all, I wanted to reach out before putting big reams of words together for some feedback around previous Unsafe usage discussions, in case this idea has been floated before.
My idea is to propose the following in an RFC:
Unsafe Code Comes with a Warning
The `#![warn(unsafe_code)]` compiler lint is switched on by default and becomes an opt-out warning message (instead of the current opt-in); this warning can then be turned into an error using the `deny` attribute.
This warning should apply to all crates in the project, thus allowing a user to see these warnings and be drawn to the use of unsafe code in any of the crates that the user included in Cargo.toml.
Unsafe Code Can be signed off
As many of us know, `unsafe` is not always problematic; sometimes it is really necessary, which leads to the second part of the proposal: an annotation with which the `unsafe` code warning lint can be suppressed. The same mechanism that suppresses other warnings can be re-used, or a new annotation can be added, perhaps something like `#[unsafe-signoff: "I'm just that good, this can't possibly be UB"]`, `#[unsafe-signoff: "Unsafe use mandated for FFI"]`, `#[unsafe-signoff: "See comment above for motivation"]`, etc.
This can then be applied to the various bits and pieces of the `std` library, for example, serving as a sign of quality and a bit of an education.
Signoff Messages can be disabled/ignored
Lastly, a compiler flag will be proposed that will disable the annotation/suppression, something along the lines of `--warn-all-unsafe` or `--ignore-unsafe-signoff`.
This will allow developers to view all use of `unsafe` in their projects.
Has a strategy like this been considered before, and are these ideas worth turning into an RFC? The idea here is to nudge developers on the importance, to the community, of protecting the Rust ecosystem as a whole.
Any comments welcome.
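An added example, not part of the post above, showing how the lint the proposal builds on behaves today: `unsafe_code` set to `deny` for one module, with the single permitted `unsafe` block signed off by a scoped `#[allow(unsafe_code)]` and a safety comment. The module, function names and the copy routine are constructed for illustration.

```rust
// Added example, not from the forum post: the `unsafe_code` lint the
// proposal builds on, set to `deny` for one module (the post would make
// `warn` the default and `deny` the opt-in escalation). Constructed
// helper names; the only `unsafe` is the copy at the bottom.
#[deny(unsafe_code)]
pub mod audited {
    /// Copies `src` into the start of `dst` and returns the number of
    /// bytes written. The unsafe copy is reached only after the bounds
    /// check, so the function is sound for any inputs.
    pub fn copy_into(dst: &mut [u8], src: &[u8]) -> Result<usize, &'static str> {
        if src.len() > dst.len() {
            return Err("destination too small");
        }
        copy_unchecked(dst, src);
        Ok(src.len())
    }

    // Today's counterpart of the proposed `#[unsafe-signoff: "..."]`:
    // an `allow` scoped to exactly one item, with the justification
    // written next to it. Delete this attribute and the module-level
    // `deny` turns the unsafe block below into a compile error.
    #[allow(unsafe_code)]
    fn copy_unchecked(dst: &mut [u8], src: &[u8]) {
        // SAFETY: the caller checked `src.len() <= dst.len()`, both
        // pointers come from live slices, and `dst` is an exclusive
        // borrow, so the two regions cannot overlap.
        unsafe {
            std::ptr::copy_nonoverlapping(src.as_ptr(), dst.as_mut_ptr(), src.len());
        }
    }
}

fn main() {
    let mut buf = [0u8; 4];
    println!("{:?}", audited::copy_into(&mut buf, b"abc")); // Ok(3)
    println!("{:?}", audited::copy_into(&mut buf, b"toolong")); // Err("destination too small")
}
```

Building with `rustc --force-warn unsafe_code` (or `RUSTFLAGS="--force-warn unsafe_code" cargo build`) reports the signed-off block regardless of the `allow`, which is the closest existing counterpart to the `--ignore-unsafe-signoff` flag the post proposes.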