suspicious lint: functions ending in _unchecked that are not marked as unsafe #9438

@gilescope

What it does

Check function names that end in _unchecked and then squawk if they are not marked as unsafe.

Maybe I'm totally out of line here but I think if you're saying 'trust me' it should be marked unsafe so you can say why it's safe to use the unchecked version.

Lint Name

safe_unchecked

Category

correctness, suspicious

Advantage

The suggestion would be to add unsafe to the function call. That could cause knock-on compilation failures, but they would have to be for the dev to fix manually as we can't say why they think it's safe.

If we have codebases where unsafe is swept under the carpet then all of Rust is built on shaky ground.

Drawbacks

False positives?

Example

```rust
use std::mem;

// Safe signature, but the body trusts the caller to pass valid UTF-8.
pub fn byte_to_str_unchecked(bytes: &[u8]) -> &str {
    unsafe {
        #[allow(clippy::transmute_bytes_to_str)]
        mem::transmute(bytes)
    }
}
```

Could be written as:

```rust
use std::mem;

/// # Safety
/// The caller must guarantee that `bytes` is valid UTF-8.
pub unsafe fn byte_to_str_unchecked(bytes: &[u8]) -> &str {
    unsafe {
        #[allow(clippy::transmute_bytes_to_str)]
        mem::transmute(bytes)
    }
}
```
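A rough, text-based sketch of the proposed check, added here as an example; it is not part of the original issue and not Clippy code. `Finding`, `find_safe_unchecked` and the sample source are hypothetical names constructed for illustration, and the scan assumes the qualifiers and the function name sit on one line, where a real lint would inspect the compiler's parsed items.

```rust
/// One hit: 1-based line number and the name of the offending function.
#[derive(Debug, PartialEq)]
pub struct Finding { pub line: usize, pub name: String }

/// Report `fn *_unchecked` declarations that have no `unsafe` qualifier.
/// Heuristic only: line-based, ignores `//` comments, does not parse Rust.
pub fn find_safe_unchecked(src: &str) -> Vec<Finding> {
    let mut out = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        // Drop a trailing line comment so commented-out code is not reported.
        let line = raw.split("//").next().unwrap_or("");
        let tokens: Vec<&str> = line.split_whitespace().collect();
        // `fn` must be a standalone token; `fn(u8)` pointer types do not match.
        let Some(pos) = tokens.iter().position(|t| *t == "fn") else { continue };
        let Some(after) = tokens.get(pos + 1) else { continue };
        // The name is the identifier prefix of the token following `fn`.
        let name: String =
            after.chars().take_while(|c| c.is_alphanumeric() || *c == '_').collect();
        let is_unsafe = tokens[..pos].iter().any(|t| *t == "unsafe");
        if name.ends_with("_unchecked") && !is_unsafe {
            out.push(Finding { line: idx + 1, name });
        }
    }
    out
}

// Constructed sample source (line 1 is the empty line after the opening quote).
const SAMPLE: &str = r#"
use std::mem;
pub fn byte_to_str_unchecked(bytes: &[u8]) -> &str {
    unsafe { mem::transmute(bytes) }
}
pub unsafe fn get_unchecked(v: &[u8], i: usize) -> u8 {
    unsafe { *v.get_unchecked(i) }
}
// fn commented_unchecked() {}
pub(crate) const fn len_unchecked(n: usize) -> usize { n }
"#;

fn main() {
    for f in find_safe_unchecked(SAMPLE) {
        println!("line {}: `{}` ends in _unchecked but is not `unsafe`", f.line, f.name);
    }
}
```

The last sample function is the kind of case the "False positives?" drawback points at: its name ends in `_unchecked`, but nothing in its body requires a safety contract.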

Labels: A-lint (Area: New lints)
