Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SE-0458] Improvements to strict memory safety checking based on the ongoing review #2689

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

[SE-0458] Improvements to strict memory safety checking based on the ongoing review #2689

wants to merge 7 commits into from

Conversation

DougGregor
Copy link
Member

This pull request improves the proposal in number of ways:

  • Do not require declarations with unsafe types in their signature to be marked @unsafe; it is implied. They may be marked @safe to indicate that they are actually safe.
  • Add unsafe for iteration via the for..in syntax.
  • Add C(++) interoperability section that infers @unsafe for C types that involve pointers.
  • Document the unsafe conformances of the UnsafeBufferPointer family of types to the Collection protocol hierarchy.
  • Restructure detailed design to separate out "sources of unsafety" from "acknowledging unsafety".

@DougGregor
[SE-0458] Don't require declarations with unsafe signatures to be @un…
7eab91d 
…safe

This extra step of requiring @unsafe is mostly busywork. Rather, we
infer @unsafe from unsafe types, and can later suppress false positives
for actually-safe declarations by marking them @safe.
@DougGregor
SE-0459: Add handling of unsafe for for..in iteration
694d95a
@DougGregor
Infer @unsafe on imported C structs/enums/classes/unions with pointer…
ee09e8a 
…s in them
@DougGregor
SE-0458: Restructure for improved readability
2ffa2d4 
The Detailed Design was becoming a grab-bag of sections, so give it more
structure. First, we describe all of the sources of memory unsafety in
Swift. Then, note the role of the @safe attribute. Finally, describe
all of the ways in which one can acknowledge unsafety.

One drive-by fix here is to document the unsafe conformances of the
`UnsafeBufferPointer` family of types to the `Collection` protocol
hierarchy.
@DougGregor
SE-0458: Bring back discussion of unsafe witnesses and how to acknowl…
682c8ac 
…edge them

This was lost in my restructuring
@DougGregor
SE-0458: Move the @safe attribute into the section on acknowledging u…
48c0994 
…nsafety
@DougGregor DougGregor requested a review from rjmccall February 12, 2025 07:45
apple-fcloutier
apple-fcloutier reviewed Feb 12, 2025
View reviewed changes
proposals/0458-strict-memory-safety.md Outdated

Implementing a protocol requirement that is safe (and not part of an `@unsafe` protocol) within an `@unsafe` declaration introduces unsafety, so it will produce a diagnostic in the strict safety mode:
Swift's `for..in` loops are effectively implemented as syntactic sugar over the `Sequence` and `IteratorProtocol` protocols, where the `for..in` creates a new iterator (with `Sequence.makeIterator()`) and then calls its `next()` operation for each loop iteration. If the conformances to `Sequence` are `IteratorProtocol` is `@unsafe`, the loop will introduce a warning:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

spelling:

... `Sequence` are `IteratorProtocol` is `@unsafe`, the loop will introduce a warning:
               ^~~ and

proposals/0458-strict-memory-safety.md Outdated
@@ -740,7 +824,14 @@ We could introduce an optional `message` argument to the `@unsafe` attribute, wh

## Revision history

* **Revision 2 (following first review)**
* **Revision 3 (following second review eextension)**
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spelling:

**Revision 3 (following second review eextension)**
                                      ^~~~~~~~~~ extension

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apple-fcloutier apple-fcloutier apple-fcloutier left review comments

@rjmccall rjmccall Awaiting requested review from rjmccall

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DougGregor @apple-fcloutier