
RFC: Use --cfg reduce_unsafe to signal preference of safe code over fast code #35

Open
WildCryptoFox opened this issue Jan 17, 2020 · 2 comments

Comments

@WildCryptoFox

WildCryptoFox commented Jan 17, 2020

(Cross posted on users.rust-lang.org and internals.rust-lang.org)

This complements #19 when the safe code can be produced but the performance cost is too high for a set of users willing to pay the safety cost.

Users could opt into this manually using RUSTFLAGS+='--cfg reduce_unsafe'; but I'd rather have richer tooling - see below.

Crates branch on #[cfg(reduce_unsafe)].

Edit: I've implemented reduce_unsafe::(un)checked! macros with an example.


Alternatively a feature flag could be used instead and could be fine-grain for certain code.


Context: I've been using a custom RUSTC_WRAPPER and plan to promote this shell with Rust and add some more features. This complements cargo geiger, cargo crev and could be an early feature of cargo sandbox.

In addition to showing all unsafe code this also shows deprecation warnings and any other warnings or errors which are normally hidden because cargo uses --cap-lints allow (before RUSTFLAGS where it cannot be overridden without RUSTC_WRAPPER) to minimize damage of rustc's own changes.

(Use -Funsafe-code to catch uses of #[allow(unsafe_code)])
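As an added illustration of the mechanism proposed above (not code from the issue or from any crate it names), the following shows a crate keeping a checked and an unchecked form of a hot loop and letting the user select the checked form with RUSTFLAGS+='--cfg reduce_unsafe'. The `checked_or_unchecked!` macro, `gather` and `reduce_unsafe_enabled` are local stand-ins, not the `reduce_unsafe` crate's API.

```rust
// Added example: a crate-side pattern for honouring `--cfg reduce_unsafe`.
// The cfg name is the one proposed in the issue; nothing here is that crate's code.

/// Pick `$checked` when built with `--cfg reduce_unsafe`, `$unchecked` otherwise.
///
/// `cfg!` keeps both arms compiled, so the safe fallback cannot rot unnoticed;
/// the untaken arm is a constant-false branch the optimizer removes. Audit tools
/// that count `unsafe` blocks will still see the unchecked arm; put the two
/// bodies in separate `#[cfg(...)]` fns if the goal is to compile no unsafe at all.
macro_rules! checked_or_unchecked {
    (checked: $checked:expr, unchecked: $unchecked:expr $(,)?) => {
        if cfg!(reduce_unsafe) { $checked } else { $unchecked }
    };
}

/// Reports whether this build honoured the user's request for safe code.
pub fn reduce_unsafe_enabled() -> bool {
    cfg!(reduce_unsafe)
}

/// Look up `table[i]` for every `i` in `indices`. Returns `None` if any index is
/// out of bounds, so the contract is validated once, up front, in both builds;
/// only the per-element re-check differs between the safe and fast paths.
pub fn gather(table: &[u8], indices: &[usize]) -> Option<Vec<u8>> {
    if indices.iter().any(|&i| i >= table.len()) {
        return None;
    }
    let out = indices
        .iter()
        .map(|&i| {
            checked_or_unchecked!(
                // Safe path: a second bounds check per element.
                checked: table[i],
                // Fast path. SAFETY: every index was validated against
                // table.len() above, and `table` is not mutated in between.
                unchecked: unsafe { *table.get_unchecked(i) },
            )
        })
        .collect();
    Some(out)
}

fn main() {
    // Constructed sample data.
    let table = [10u8, 20, 30, 40];
    println!("reduce_unsafe enabled: {}", reduce_unsafe_enabled());
    println!("{:?}", gather(&table, &[3, 0, 2])); // Some([40, 10, 30])
    println!("{:?}", gather(&table, &[4]));       // None
}
```

Build once with plain `cargo build` and once with `RUSTFLAGS='--cfg reduce_unsafe' cargo build`; `reduce_unsafe_enabled()` reports which path the binary takes.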

@WildCryptoFox WildCryptoFox changed the title Use --cfg reduce_unsafe to signal preference of safe code over fast code RFC: Use --cfg reduce_unsafe to signal preference of safe code over fast code Jan 17, 2020
@WildCryptoFox

WildCryptoFox commented Jan 18, 2020

Perhaps respect the following hints from crates.

```toml
# if this crate is not forbidden, then
[package.metadata.unsafe_policy]
# default is forbid (when the meta entry is present)
# allow foo to use unsafe code
foo = "allow"
# ask bar to reduce its unsafe code
bar = "reduce"
# forbid bar's dependency 'baz' from using unsafe code
bar.baz = "forbid"

[package.metadata.unsafe_policy.'cfg(feature = "something_which_needs_unsafe")']
quz = "allow"
```

@burdges

burdges commented Jun 15, 2020

I think reduce_unsafe might mean wildly varying things to different crates, but your cargo wrapper and unsafe_policy idea give the right direction.

You might permit the unsafe code within a specific version or with a specific digital signature, but accept future crate versions that left alone the modules satisfying that restriction. I suppose micro crates like arrayref that release new versions rarely help achieve this more simply.
