Unsafety Check in MIR/THIR

Hi all! I have some questions about rustc compilation and IRs. According to The THIR (Typed High-level IR) - Guide to Rustc Development and refactor the unsafe checking to work on the THIR · Issue #402 · rust-lang/compiler-team · GitHub, the unsafety check is performed even in the MIR stage by default. And I understood that if compilation is run with the flag (-Z thir-unsafeck), the unsafe checker is performed in THIR. Here's what I'm curious about:

  1. If the compilation starts without the flag (-Z thir-unsafeck), is the unsafe checker performed only in MIR, not THIR? If so, does the process go directly from HIR to MIR without generating THIR?

  2. If the compilation starts without the flag (-Z thir-unsafeck), is the unsafe checker performed only in THIR, not MIR?

  3. As I know, there are many problems with the unsafe check in MIR. So we can set the flag (-Z thir-unsafeck) and compile the Rust program to check the unsafety in THIR. Then, why is the unsafe checker not performed in THIR by default?

Thank you! Have a nice Day!

Yes

No, it always goes from HIR -> THIR -> MIR.

I believe so.

It is a breaking change as the THIR unsafeck is a bit more strict. As such the move has to be carefully coordinated. In addition I'm not sure if the THIR unsafeck is production ready yet, or if it has soundness issues.


As a good analogy, look at the transition to the NLL borrowchecker. It took a while to write it, a while to be confident in its correctness, and a while to give a nice transition strategy (see "migration mode"). So in the end, it took something like half a decade to fully move to it: Non-lexical lifetimes (NLL) fully stable | Rust Blog

Hopefully the unsafety checking change won't take that long, but Rust takes its stability guarantees seriously, so changes can definitely take longer now than they would have back in the pre-1.0 days when "this is better but breaks some questionable code" was totally fine.
