Unsafe code annotations

Ixrec · January 19, 2019, 8:36pm

Two quick thoughts:

In order for this to be meaningfully different from a comment, there must be a tool that reads these and does something with them, right? Maybe an extension to cargo crev, since you’d presumably want a whole-crate review in addition to a review of any specific unsafe block.
safe is a uniquely problematic name, even for a strawman, because if “safe unsafe code” is a legitimate thing to say, that makes the meaning of unsafe even more subtle than it already is. We definitely don’t need a serious bikeshed right now, but I’d like to suggest “sound” / #[sound()] for code that doesn’t cause UB and “unsound” for code that does cause UB (so “all safe code is sound”, “unsafe code may be sound or unsound”, “unsound code is always bad”, “unsafe code is fine if you can prove it’s sound” would all be true, which seems reasonable to me).

Topic		Replies	Views
[Pre-RFC] Another take at clarifying `unsafe` semantics	41	3880	March 25, 2019
Pre-RFC: making unsafe more safe to use language design	12	3143	March 25, 2019
Unsafe categories	18	1292	December 14, 2021
[Pre-RFC] Rustc and Handling Unsafe Code	7	954	October 16, 2019
Allow safety checks inside unsafe functions Unsafe Code Guidelines	4	990	April 9, 2021