Yes unsafe is primarily for memory safety. However! Your idea is good. It would be really good if you could have something like that. I am just not sure what the best way to do it is. It could be done by an attribute and lint with the ability to toggle it off with a module level, function level, or scope level second attribute, lol, possibilities are endless.
But indeed unsafe is likely only, currently, for memory safety. Still I like the idea! I love the idea. I read your email earlier today but only shortly ago I realize what you mean. On Jan 1, 2015 5:17 AM, "Vladimir Pouzanov" <farcal...@gmail.com> wrote: > I had this idea for some time and I'd like to discuss it to see if it is > something reasonable to be proposed for rust to implement or there are > other ways around the problem. > > Let's say I have a low level function that manipulates the hardware clock > using some platform-specific argument. Internally this function will do an > unsafe volatile mem write to store value in the register, but this is the > only part of the code that is unsafe compiler-wise, whatever else is in > there in the function is safe and I want the compiler to warn me if any > other unsafe operation happens. > > Now, given that this function is actually unsafe in terms of its realtime > consequences (it does not do any validation of the input for speed) I want > to mark it as unsafe fn and make a safer wrapper for end users, while > keeping this for the little subset of users that will need the actual speed > benefits. > > Unfortunately, marking it unsafe will now allow any other unsafe operation > in the body of the function, when what I wanted is just to force users of > it to be aware of unsafety via compiler validation. > > A safe {} block could have helped me in this case. But is it a good idea > overall? > > Some pseudo-code to illustrate > > pub unsafe fn set_clock_mode(mode: uint32) { > // ... > // doing some required computations > // this code must be 'safe' for the compiler > unsafe { > // ... > // writing the value to mmaped register, this one is unsafe but > validated by programmer > } > } > > pub fn set_clock_mode_safe(mode: uint32) -> bool { > // ... > // validate input > unsafe { > // I want this call to require unsafe block > set_clock_mode(mode); > } > } > > -- > Sincerely, > Vladimir "Farcaller" Pouzanov > http://farcaller.net/ > > _______________________________________________ > Rust-dev mailing list > Rust-dev@mozilla.org > https://mail.mozilla.org/listinfo/rust-dev > >
_______________________________________________ Rust-dev mailing list Rust-dev@mozilla.org https://mail.mozilla.org/listinfo/rust-dev