1
0
mirror of https://github.com/google/comprehensive-rust.git synced 2025-01-05 16:10:31 +02:00
comprehensive-rust/src/unsafe.md
Igor Petruk 100ee591ed
Update unsafe.md (#252)
* Update unsafe.md

Adding a paragraph explaining that unsafe code is not necessary broken or evil, but it is a mode
where compiler safety features are off.

* Move explanation to speaker notes

To avoid slide being too long. Also edited text slightly.

* Remove extra space

---------

Co-authored-by: Andrew Walbran <qwandor@google.com>
2023-01-30 13:12:51 +00:00

1.1 KiB

Unsafe Rust

The Rust language has two parts:

  • Safe Rust: memory safe, no undefined behavior possible.
  • Unsafe Rust: can trigger undefined behavior if preconditions are violated.

We will be seeing mostly safe Rust in this course, but it's important to know what Unsafe Rust is.

Unsafe code is usually small and isolated, and its correctness should be carefully documented. It is usually wrapped in a safe abstraction layer.

Unsafe Rust gives you access to five new capabilities:

  • Dereference raw pointers.
  • Access or modify mutable static variables.
  • Access union fields.
  • Call unsafe functions, including extern functions.
  • Implement unsafe traits.

We will briefly cover unsafe capabilities next. For full details, please see Chapter 19.1 in the Rust Book and the Rustonomicon.

Unsafe Rust does not mean the code is incorrect. It means that developers have turned off the compiler safety features and have to write correct code by themselves. It means the compiler no longer enforces Rust's memory-safety rules.