Skip to content

RFC: Safety Tags #3842

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 49 commits into
base: master
Choose a base branch
from
Open

RFC: Safety Tags #3842

wants to merge 49 commits into from
+776 −0

Conversation

zjp-CN
Copy link

@zjp-CN zjp-CN commented Jul 31, 2025
edited
Loading

Summary

This RFC introduces a concise safety-comment convention for unsafe code in standard libraries:
tag every public unsafe function with #[safety::requires] and call with #[safety::checked].

Safety tags refine today’s safety-comment habits: a featherweight syntax that condenses every
requirement into a single, check-off reminder.

The following snippet compiles today if we enable enough nightly features, but we expect Clippy
and Rust-Analyzer to enforce tag checks and provide first-class IDE support.

#[safety::requires( // 💡 define safety tags on an unsafe function
    ValidPtr = "src must be [valid](https://doc.rust-lang.org/std/ptr/index.html#safety) for reads",
    Aligned = "src must be properly aligned, even if T has size 0",
    Initialized = "src must point to a properly initialized value of type T"
)]
pub unsafe fn read<T>(ptr: *const T) { }

fn main() {
    #[safety::checked( // 💡 discharge safety tags on an unsafe call
        ValidPtr, Aligned, Initialized = "optional reason"
    )]
    unsafe { read(&()) };
}

Rendered

scottmcm
scottmcm reviewed Jul 31, 2025
View reviewed changes
scottmcm
scottmcm reviewed Jul 31, 2025
View reviewed changes
juntyr
juntyr reviewed Jul 31, 2025
View reviewed changes
clarfonthey
clarfonthey reviewed Jul 31, 2025
View reviewed changes
danjl1100
danjl1100 reviewed Jul 31, 2025
View reviewed changes
ChayimFriedman2
ChayimFriedman2 reviewed Jul 31, 2025
View reviewed changes
Lokathor
Lokathor reviewed Aug 1, 2025
View reviewed changes
@zjp-CN zjp-CN requested a review from ia0 August 1, 2025 06:44
kennytm
kennytm reviewed Aug 1, 2025
View reviewed changes
@zjp-CN @kennytm
Update text/0000-safety-tags.md
39dec42 
Co-authored-by: kennytm <kennytm@gmail.com>
ia0
ia0 reviewed Aug 1, 2025
View reviewed changes
kennytm
kennytm reviewed Aug 5, 2025
View reviewed changes
@zjp-CN @kennytm
minor fix
27a7b0d 
Co-authored-by: kennytm <kennytm@gmail.com>
@alice-i-cecile
Copy link

This flavor of thing would be nice to introduce more structure (and the possibility for automated tooling) into complex unsafe code bases like bevy_ecs, which I help maintain.

alice-i-cecile
alice-i-cecile reviewed Aug 6, 2025
View reviewed changes
ia0
ia0 reviewed Aug 6, 2025
View reviewed changes
@jswrenn jswrenn mentioned this pull request Aug 7, 2025
Open
danjl1100
danjl1100 reviewed Aug 8, 2025
View reviewed changes
Copy link

@danjl1100 danjl1100 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like the direction this is moving with requires and checked since the initial version.

@madsmtm madsmtm added the T-lang Relevant to the language team, which will review and decide on the RFC. label Aug 22, 2025
madsmtm
madsmtm reviewed Aug 22, 2025
View reviewed changes
@madsmtm madsmtm added T-libs-api Relevant to the library API team, which will review and decide on the RFC. T-rustdoc Relevant to rustdoc team, which will review and decide on the RFC. labels Aug 22, 2025
madsmtm
madsmtm reviewed Aug 22, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kennytm kennytm kennytm left review comments

@madsmtm madsmtm madsmtm left review comments

@scottmcm scottmcm scottmcm left review comments

@ChayimFriedman2 ChayimFriedman2 ChayimFriedman2 left review comments

+7 more reviewers

@ia0 ia0 ia0 left review comments

@alice-i-cecile alice-i-cecile alice-i-cecile left review comments

@Lokathor Lokathor Lokathor left review comments

@hxuhack hxuhack hxuhack left review comments

@clarfonthey clarfonthey clarfonthey left review comments

@danjl1100 danjl1100 danjl1100 left review comments

@juntyr juntyr juntyr left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
T-lang Relevant to the language team, which will review and decide on the RFC. T-libs-api Relevant to the library API team, which will review and decide on the RFC. T-rustdoc Relevant to rustdoc team, which will review and decide on the RFC.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.