Reduce unsafe code in SQLite #4096

@Lege19

I have found these related issues/pull requests

No related issues.

Description

SQLx advertises not using any unsafe code, except for SQLite. This is great; however, where unsafe code is used, it often wraps the whole function, not just the individual function calls that require the unsafe block. This makes it harder to see where SAFETY comments are needed.

There are about 100 unsafe blocks at the moment, many of which contain multiple unsafe calls, and there are only 36 SAFETY comments.

For a project that advertises itself on not using unsafe code where it doesn't need to, this is surprising.

I also suspect there are cases of functions that assume invariants in their parameters that go unchecked, and as such should be marked as unsafe, but haven't been.

Preferred solution

Put unsafe blocks only around individual unsafe function calls.
Add SAFETY comments to function calls detailing the invariants the function expects, and why they are met.
If the function cannot guarantee that they are met, it should be marked as unsafe, have its invariants documented, and have SAFETY comments added to the callers explaining how they uphold the invariants.

I don't have time to do this myself at the moment, and I know you don't have the time either, so this probably isn't getting done any time soon. But I still think it's a problem that deserves an issue.

Is this a breaking change? Why or why not?

Not a breaking change
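As an added illustration of the three points in the preferred solution above (example code, not SQLx's own): the column getter is a constructed stand-in for a C binding such as sqlite3_column_text, not the real libsqlite3 FFI, and the row type and sample data are likewise constructed for the example.

```rust
use std::ffi::CStr;
use std::os::raw::c_char;
use std::ptr;

// Constructed stand-in for a C getter like sqlite3_column_text (not the real FFI):
// returns NUL-terminated text, or NULL for a NULL column.
fn column_text(row: &[Option<&'static CStr>], idx: usize) -> *const c_char {
    row.get(idx).and_then(|c| *c).map_or(ptr::null(), |s| s.as_ptr())
}

// Before: the whole body is one unsafe block; the reader cannot see which call
// needs it, and nothing states the invariants being relied on.
fn text_before(row: &[Option<&'static CStr>], idx: usize) -> Option<String> {
    unsafe {
        let p = column_text(row, idx);
        if p.is_null() { return None; }
        Some(CStr::from_ptr(p).to_string_lossy().into_owned())
    }
}

// After: only the call with preconditions is unsafe, with a SAFETY comment.
fn text_after(row: &[Option<&'static CStr>], idx: usize) -> Option<String> {
    let p = column_text(row, idx);
    if p.is_null() { return None; }
    // SAFETY: `p` is non-null (checked above) and points to a NUL-terminated
    // string owned by `row`, which outlives this call and is not mutated
    // while the borrow is alive.
    let text = unsafe { CStr::from_ptr(p) };
    Some(text.to_string_lossy().into_owned())
}

/// Relies on an invariant it cannot check itself, so it is `unsafe` and
/// documents the contract; every caller then owes its own SAFETY comment.
///
/// # Safety
/// `idx` must be a valid column index and that column must not be NULL.
unsafe fn text_unchecked(row: &[Option<&'static CStr>], idx: usize) -> String {
    // SAFETY: the caller guarantees a non-NULL, NUL-terminated column at `idx`.
    unsafe { CStr::from_ptr(column_text(row, idx)) }.to_string_lossy().into_owned()
}

// Constructed two-column row: one text value and one NULL.
fn sample_row() -> Vec<Option<&'static CStr>> {
    vec![CStr::from_bytes_with_nul(b"sqlite\0").ok(), None]
}
```

`text_before` and `text_after` behave identically; the difference is that a reviewer of `text_after` can see exactly which operation carries preconditions and check the stated justification against the code around it.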

Metadata

Labels: enhancement (New feature or request)