Skip to content

lint(unsafe_code): exclude unsafe declarations from lint coverage #148651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

lint(unsafe_code): exclude unsafe declarations from lint coverage #148651

wants to merge 3 commits into from

Conversation

@wyfo
Copy link
Contributor

@wyfo wyfo commented Nov 7, 2025
edited
Loading

Unsafe declarations of traits, functions, methods, or extern blocks cannot cause undefined behavior by themselves — only unsafe blocks or implementations of unsafe traits can.

The unsafe_code lint previously applied to these declarations, preventing, for example, declarations of extern "C" blocks. See #108926.

This change removes all such unsafe declarations from unsafe_code coverage.

However, to maintain soundness, unsafe functions with bodies are only allowed when unsafe_op_in_unsafe_fn is set to forbid. This ensures unsafe operations inside such functions require an unsafe block. Declarations of unsafe functions without bodies (e.g., in traits) are always allowed.

Closes #108926

@wyfo
lint(unsafe_code): exclude unsafe declarations from lint coverage
a4b70f2 
Unsafe declarations of traits, functions, methods, or extern blocks
cannot cause undefined behavior by themselves — only unsafe blocks
or implementations of unsafe traits can.

The `unsafe_code` lint previously applied to these declarations,
preventing, for example, declarations of `extern "C"` blocks.
See rust-lang#108926.

This change removes all such unsafe declarations from `unsafe_code`
coverage.

However, to maintain soundness, unsafe functions *with bodies* are
only allowed when `unsafe_op_in_unsafe_fn` is set to `forbid`. This
ensures unsafe operations inside such functions require an `unsafe`
block. Declarations of unsafe functions *without bodies* (e.g., in
traits) are always allowed.

Closes rust-lang#108926
@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Nov 7, 2025
@rustbot
Copy link
Collaborator

rustbot commented Nov 7, 2025

r? @petrochenkov

rustbot has assigned @petrochenkov.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot
Copy link
Collaborator

rustbot commented Nov 7, 2025

⚠️ Warning ⚠️

  • There are issue links (such as #123) in the commit messages of the following commits.
    Please move them to the PR description, to avoid spamming the issues with references to the commit, and so this bot can automatically canonicalize them to avoid issues with subtree.

@wyfo wyfo marked this pull request as draft November 7, 2025 14:27
@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Nov 7, 2025
@wyfo wyfo mentioned this pull request Nov 7, 2025
Open
@RalfJung
Copy link
Member

RalfJung commented Nov 7, 2025

Unsafe declarations of traits, functions, methods, or extern blocks cannot cause undefined behavior by themselves

At least for extern blocks, that is not correct. The mere presence of an incorrect extern block can cause UB. See #46188.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@wyfo
Copy link
Contributor Author

wyfo commented Nov 7, 2025

At least for extern blocks, that is not correct. The mere presence of an incorrect extern block can cause UB. See #46188.

Indeed, my bad, I've rolled back this part.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@petrochenkov petrochenkov

Labels

S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

unsafe_code lint fires for unsafe fn with safe body

5 participants

@wyfo @rustbot @RalfJung @rust-log-analyzer @petrochenkov