Skip to content

Unsafe Fields #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 of 7 tasks
nikomatsakis opened this issue Feb 18, 2025 · 4 comments
Open
1 of 7 tasks

Unsafe Fields #273

nikomatsakis opened this issue Feb 18, 2025 · 4 comments
Assignees
@jswrenn
Labels
C-tracking-issue F-unsafe_fields T-compiler T-lang
Milestone
2025h1

Comments

@nikomatsakis
Copy link
Contributor

nikomatsakis commented Feb 18, 2025
edited
Loading

Metadata
Point of contact @jswrenn
Team(s) compiler, lang
Goal document 2025h1/unsafe-fields

Summary

Design and implement a mechanism for denoting when fields carry library safety invariants.

Tasks and status
@nikomatsakis nikomatsakis added this to the 2025h1 milestone Feb 18, 2025
@nikomatsakis
Copy link
Contributor Author

This issue is intended for status updates only.

For general questions or comments, please contact the owner(s) directly.

@nikomatsakis nikomatsakis moved this to Project goals in Lang team features Feb 21, 2025
@jswrenn
Copy link
Member

jswrenn commented Feb 26, 2025

Key developments: In a Feb 19 Lang Team Design Meeting, we reached consensus that the MVP for unsafe fields should be limited to additive invariants.

@nikomatsakis nikomatsakis moved this to Project goal in Lang team features Mar 4, 2025
@jswrenn
Copy link
Member

jswrenn commented Apr 18, 2025

Key developments: After the last lang team meeting, Ralf observed that the additive/subtractive dichotomy (and its attendant design concerns w.r.t. Drop) could be sidestepped, since a field type already cannot be put into an unsound-to-drop state without unsafe code. With this observation, we can reduce field safety tooling to two rules:

  1. a field should be marked unsafe if it carries a safety invariant (of any kind)
  2. a field marked unsafe is unsafe to use

The RFC now reflects this design and has more or less reached a fixed point. Ongoing discussion on the RFC is now mostly limited to weighing this design against a proposed alternative that mixes syntactically knobs and wrapper types. The RFC would benefit from formal review by @rust-lang/lang.

@jswrenn
Copy link
Member

jswrenn commented May 22, 2025

Key developments: No significant developments since previous updates.

Blockers: Waiting on lang team review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jswrenn jswrenn

Labels
C-tracking-issue F-unsafe_fields T-compiler T-lang
Projects
Lang team features
Status: Project goal
Milestone
2025h1
Development

No branches or pull requests
3 participants
@nikomatsakis @jswrenn @scottmcm