-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document the unsafe keyword #73943
Document the unsafe keyword #73943
Conversation
r? @dtolnay (rust_highfive has picked a reviewer for you, use r? to override) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not super experienced in unsafe, just a few ideas I had off the top of my head.
Modified lots of things ! The biggest change is the new |
I don't know who on T-doc reviews this kind of thing but let's try this: r? @rylev |
@bors delegate=rylev |
✌️ @rylev can now approve this pull request |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dtolnay I'm not sure if I'm the right person since the dissolution of the docs team. Happy to do reviews though.
@rylev I changed the wording, is it better ? I'm still not particularly satisfied about my solution to the last point you made: here is what I wrote now but it feels heavy and forced to me, I you have anything better I'll take it ! -/// This different meanings have led to [discussion]s about the ability to make
-/// `unsafe` operations inside `unsafe fn`.
+/// As of now (Rust 1.44), this meanings become entwined when writing an
+/// `unsafe fn`: this syntax acts like an `unsafe` block around the code inside
+/// the function **and** as a signal to callers about the conditions they must
+/// met before using it.
+///
+/// Mixing this two meanings as one can be confusing and [discussion]s exist
+/// about the necessity to use `unsafe` blocks inside such functions when making
+/// `unsafe` operations. |
@poliorcetics What is -/// This different meanings have led to [discussion]s about the ability to make
-/// `unsafe` operations inside `unsafe fn`.
+/// As of now (Rust 1.44), `unsafe fn` can act like an `unsafe` block around
+/// the code inside the function **or** a signal to callers that some conditions
+/// must be met before using it.
+///
+/// Mixing these two meanings can be confusing and [discussion]s exist to use
+/// `unsafe` blocks inside such functions when making `unsafe` operations.
What conditions? |
I was thinking about the conditions to safely call an |
66a195f
to
03d03be
Compare
41a9fe5
to
f848b30
Compare
909b558
to
7b61eaf
Compare
☔ The latest upstream changes (presumably #73265) made this pull request unmergeable. Please resolve the merge conflicts. |
e16c8fa
to
1e09add
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this! I have two small edits, r=me after
@steveklabnik done, do you want me to squash ? |
@poliorcetics better to squash |
e4a065c
to
0e610bb
Compare
Rebased and squashed :) |
@bors r=steveklabnik rollup |
📌 Commit 0e610bb has been approved by |
Rollup of 17 pull requests Successful merges: - rust-lang#73943 (Document the unsafe keyword) - rust-lang#74062 (deny(unsafe_op_in_unsafe_fn) in libstd/ffi/c_str.rs) - rust-lang#74185 (Remove liballoc unneeded explicit link) - rust-lang#74192 (Improve documentation on process::Child.std* fields) - rust-lang#74409 (Change Debug impl of SocketAddr and IpAddr to match their Display output) - rust-lang#75195 (BTreeMap: purge innocent use of into_kv_mut) - rust-lang#75214 (Use intra-doc links in `mem::manually_drop` & `mem::maybe_uninit`) - rust-lang#75432 (Switch to intra-doc links in `std::process`) - rust-lang#75482 (Clean up E0752 explanation) - rust-lang#75501 (Move to intra doc links in std::ffi) - rust-lang#75509 (Tweak suggestion for `this` -> `self`) - rust-lang#75511 (Do not emit E0228 when it is implied by E0106) - rust-lang#75515 (Bump std's libc version to 0.2.74) - rust-lang#75517 (Promotion and const interning comments) - rust-lang#75519 (BTreeMap: refactor splitpoint and move testing over to unit test) - rust-lang#75530 (Switch to intra-doc links in os/raw/*.md) - rust-lang#75531 (Migrate unit tests of btree collections to their native breeding ground) Failed merges: r? @ghost
Partial fix of #34601 (just one more and it will be done 😄).
I tried to be concise and redirect as much as possible on other, longer resources, exposing only the strict necessary.
I also used
SAFETY:
comments to promote good documentation.I would like a thorough review to ensure I did not introduce mistakes that would confuse people or worse, lead them to write unsound code.
@rustbot modify labels: T-doc,C-enhancement
Edit: this is now the last PR for the original issue: fixes #34601.