Skip to content

Add 2024 unsafe functions #304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 15, 2024
Merged

Add 2024 unsafe functions #304

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8c27bfb
Add 2024 unsafe functions
ehuss Jun 7, 2024
455dcc6
Add `CommandExt::before_exec`
ehuss Jun 17, 2024
b03166e
Add TODO comment added by rustc.
ehuss Jun 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/SUMMARY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
- [Rust 2024 🚧](rust-2024/index.md)
- [Additions to the prelude](rust-2024/prelude.md)
- [Add `IntoIterator` for `Box<[T]>`](rust-2024/intoiterator-box-slice.md)
- [Newly unsafe functions](rust-2024/newly-unsafe-functions.md)
- [`unsafe_op_in_unsafe_fn` warning](rust-2024/unsafe-op-in-unsafe-fn.md)
- [RPIT lifetime capture rules](rust-2024/rpit-lifetime-capture.md)
- [Disallow references to `static mut`](rust-2024/static-mut-reference.md)
Expand Down
79 changes: 79 additions & 0 deletions src/rust-2024/newly-unsafe-functions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Unsafe functions

🚧 The 2024 Edition has not yet been released and hence this section is still "under construction".
More information may be found in the tracking issue at <https://github.com/rust-lang/rust/issues/124866>.

## Summary

- The following functions are now marked [`unsafe`]:
- [`std::env::set_var`]
- [`std::env::remove_var`]
- [`std::os::unix::process::CommandExt::before_exec`]

[`unsafe`]: ../../reference/unsafe-keyword.html#unsafe-functions-unsafe-fn
[`std::env::set_var`]: ../../std/env/fn.set_var.html
[`std::env::remove_var`]: ../../std/env/fn.remove_var.html
[`std::os::unix::process::CommandExt::before_exec`]: ../../std/os/unix/process/trait.CommandExt.html#method.before_exec

## Details

Over time it has become evident that certain functions in the standard library should have been marked as `unsafe`. However, adding `unsafe` to a function can be a breaking change since it requires existing code to be placed in an `unsafe` block. To avoid the breaking change, these functions are marked as `unsafe` starting in the 2024 Edition, while not requiring `unsafe` in previous editions.

### `std::env::{set_var, remove_var}`

It can be unsound to call [`std::env::set_var`] or [`std::env::remove_var`] in a multi-threaded program due to safety limitations of the way the process environment is handled on some platforms. The standard library originally defined these as safe functions, but it was later determined that was not correct.

It is important to ensure that these functions are not called when any other thread might be running. See the [Safety] section of the function documentation for more details.

[Safety]: ../../std/env/fn.set_var.html#safety

### `std::os::unix::process::CommandExt::before_exec`

The [`std::os::unix::process::CommandExt::before_exec`] function is a unix-specific function which provides a way to run a closure before calling `exec`. This function was deprecated in the 1.37 release, and replaced with [`pre_exec`] which does the same thing, but is marked as `unsafe`.

Even though `before_exec` is deprecated, it is now correctly marked as `unsafe` starting in the 2024 Edition. This should help ensure that any legacy code which has not already migrated to `pre_exec` to require an `unsafe` block.

There are very strict safety requirements for the `before_exec` closure to satisfy. See the [Safety section][pre-exec-safety] for more details.

[`pre_exec`]: ../../std/os/unix/process/trait.CommandExt.html#tymethod.pre_exec
[pre-exec-safety]: ../../std/os/unix/process/trait.CommandExt.html#notes-and-safety

## Migration

To make your code compile in both the 2021 and 2024 editions, you will need to make sure that these functions are called only from within `unsafe` blocks.

**⚠ Caution**: It is important that you manually inspect the calls to these functions and possibly rewrite your code to satisfy the preconditions of those functions. In particular, `set_var` and `remove_var` should not be called if there might be multiple threads running. You may need to elect to use a different mechanism other than environment variables to manage your use case.

The [`deprecated_safe_2024`] lint will automatically modify any use of these functions to be wrapped in an `unsafe` block so that it can compile on both editions. This lint is part of the `rust-2024-compatibility` lint group, which will automatically be applied when running `cargo fix --edition`. To migrate your code to be Rust 2024 Edition compatible, run:

```sh
cargo fix --edition
```

For example, this will change:

```rust
fn main() {
std::env::set_var("FOO", "123");
}
```

to be:

```rust
fn main() {
// TODO: Audit that the environment access only happens in single-threaded code.
unsafe { std::env::set_var("FOO", "123") };
}
```

Just beware that this automatic migration will not be able to verify that these functions are being used correctly. It is still your responsibility to manually review their usage.

Alternatively, you can manually enable the lint to find places these functions are called:

```rust
// Add this to the root of your crate to do a manual migration.
#![warn(deprecated_safe_2024)]
```

[`deprecated_safe_2024`]: ../../rustc/lints/listing/allowed-by-default.html#deprecated-safe
Loading