Type construction safety: unsafe struct / unsafe drop

I never said how you needed to verify blocks, or what verification entails. Only that they need to be verified.

edit: actually I did say this, where I showed that a single verified/unsafe block could poison the entire crate, or be as limited as a single function.

There is currently a clippy lint for unsafe functions without safety docs, maybe this can be extended to unsafe blocks?

FWIW, rustc/std just recently added a tidy lint (roughly) requiring a comment explaining the soundness of individual unsafe blocks (or a file-wide opt out). A clippy::pedantic (i.e. opt-in) lint enforcing the same requirement would definitely make sense.
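To make the two conventions discussed above concrete, here is an added example (not from this thread, rustc's tidy, or clippy): an `unsafe fn` with the `# Safety` doc section that `clippy::missing_safety_doc` expects, an `unsafe` block with the `// SAFETY:` justification comment, and a small hypothetical checker that flags `unsafe {` blocks lacking such a comment, run over a constructed source snippet.

```rust
/// Reads through a raw pointer. The `# Safety` section is what
/// `clippy::missing_safety_doc` requires on a public `unsafe fn`.
///
/// # Safety
/// `p` must be non-null, properly aligned and point to a live `u32`.
pub unsafe fn read_u32(p: *const u32) -> u32 {
    // SAFETY: the caller upholds the pointer contract documented above.
    unsafe { *p }
}

/// Hypothetical approximation of a "SAFETY comment" lint: returns the
/// 1-based line numbers of `unsafe {` blocks whose preceding comment run
/// does not contain a line starting with `// SAFETY:`.
pub fn unsafe_blocks_missing_safety_comment(src: &str) -> Vec<usize> {
    let lines: Vec<&str> = src.lines().collect();
    let mut missing = Vec::new();
    for (idx, line) in lines.iter().enumerate() {
        let t = line.trim_start();
        // Skip comments; match only block expressions, not `unsafe fn`/`unsafe impl`.
        if t.starts_with("//") || !(t.starts_with("unsafe {") || t.contains(" unsafe {")) {
            continue;
        }
        // Walk upward through the comment lines directly above the block.
        let mut justified = false;
        let mut j = idx;
        while j > 0 {
            j -= 1;
            let prev = lines[j].trim_start();
            if !prev.starts_with("//") {
                break;
            }
            if prev.starts_with("// SAFETY:") {
                justified = true;
                break;
            }
        }
        if !justified {
            missing.push(idx + 1);
        }
    }
    missing
}

// Constructed sample: the first block is justified, the second is not.
pub const SAMPLE: &str = "fn a() -> u32 {\n    let v = 7u32;\n    // SAFETY: `v` is a live local, so the pointer is valid.\n    unsafe { *(&v as *const u32) }\n}\n\nfn b() -> u32 {\n    let v = 9u32;\n    // Reads v through a raw pointer.\n    unsafe { *(&v as *const u32) }\n}\n";

fn main() {
    for line in unsafe_blocks_missing_safety_comment(SAMPLE) {
        println!("line {line}: unsafe block without a `// SAFETY:` comment");
    }
}
```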

