Rfcs: Just a suggestion: maybe the keyword "unsafe" is not a good term

Created on 19 Jan 2020 · 4 comments · Source: rust-lang/rfcs

Rust gives us programmers strong safety (thanks to the Rust team~), but also gives us the freedom to write code that may be unsafe, using the keyword "unsafe". But as should be known to all Rust programmers, code tagged as "unsafe" is not necessarily actually unsafe, as long as we know what we are doing (no undefined behavior).

For example (maybe crazy), take the classic panic issue: assigning a value to a vector at an index that is out of range. Should it be recognized as unsafe all the time? Generally, yes, it is unsafe. But what if, as a reverse engineer, I know exactly what the data in the heap is, and for some purpose I want to write a value exactly behind the "safe" bound of the vector?

Here, what I want to point out is that I agree with what the Rust team thinks about what Rust should be. But following that road, I think maybe the keyword "unsafe" is too subjective; maybe a more objective word would be better, say "caution". Though in my own style I would prefer "!", to follow the Rust philosophy a more complex word may be better to caution us and make us try our best to avoid it.

Ok, I have to admit that the reason for this suggestion is the recent "Actix" issue. I don't want someone to be pissed off just from not quite understanding the keyword "unsafe", rather than from actual unsafety.

All 4 comments

This was discussed over five years ago in detail: https://github.com/rust-lang/rfcs/pull/117

I don't think much has changed since then, other than the fact that the unsafe keyword is used even more today, and thus the bar to changing it has likely appropriately increased.

I do not see this happening.

Unsafe does not mean the code is unsafe. Code that causes problems can be anywhere. Unsafe means you have entered a place that is unsafe. The compiler wants to protect you, but you have gone into the wilderness. If your code is tough, it may survive, but dragons lurk here.

The naming is somewhat unfortunate, but the way to think about it is: walking on a tightrope is definitely unsafe, but that doesn't guarantee you'll fall: if you're careful and have training, you won't fall.

It's the same with unsafe in Rust as well: it is certainly dangerous and you need to be extra careful, but unsafe is not always wrong. It is only wrong if it causes unsound / undefined behavior (which is always wrong).

Thanks for all your replies. Anyway, it is just a suggestion. I think there is no need for further discussion, right?
