Add a slide about writing unsafe functions.

2025-04-03 01:56:12 +02:00 · 2023-01-17 17:13:10 +00:00 · 2023-01-17 17:13:10 +00:00 · 6e7916c29b
commit 6e7916c29b
parent 3cadad4e0a
3 changed files with 40 additions and 1 deletions
--- a/src/SUMMARY.md
+++ b/src/SUMMARY.md
@ -164,7 +164,8 @@
  - [Dereferencing Raw Pointers](unsafe/raw-pointers.md)
  - [Mutable Static Variables](unsafe/mutable-static-variables.md)
  - [Unions](unsafe/unions.md)
-  - [Calling Unsafe Functions](unsafe/unsafe-functions.md)
+  - [Calling Unsafe Functions](unsafe/calling-unsafe-functions.md)
+    - [Writing Unsafe Functions](unsafe/writing-unsafe-functions.md)
    - [Extern Functions](unsafe/extern-functions.md)
  - [Implementing Unsafe Traits](unsafe/unsafe-traits.md)
 - [Exercises](exercises/day-3/afternoon.md)
--- a/src/unsafe/calling-unsafe-functions.md
+++ b/src/unsafe/calling-unsafe-functions.md
--- a/src/unsafe/writing-unsafe-functions.md
+++ b/src/unsafe/writing-unsafe-functions.md
@ -0,0 +1,38 @@
+# Writing Unsafe Functions
+
+You can mark your own functions as `unsafe` if they require particular conditions to avoid undefined
+behaviour.
+
+```rust,editable
+/// Swaps the values pointed to by the given pointers.
+///
+/// # Safety
+///
+/// The pointers must be valid and properly aligned.
+unsafe fn swap(a: *mut u8, b: *mut u8) {
+    let temp = *a;
+    *a = *b;
+    *b = temp;
+}
+
+fn main() {
+    let mut a = 42;
+    let mut b = 66;
+
+    // Safe because ...
+    unsafe {
+        swap(&mut a, &mut b);
+    }
+
+    println!("a = {}, b = {}", a, b);
+}
+```
+
+<details>
+
+We wouldn't actually use pointers for this because it can be done safely with references.
+
+Note that unsafe code is allowed within an unsafe function without an `unsafe` block. We can
+prohibit this with `#[deny(unsafe_op_in_unsafe_fn)]`. Try adding it and see what happens.
+
+</details>