It seems like a lot of people new to Rust get confused by the dual-use meanings of the “unsafe” keyword:
- Declaring that a trait or function has an unsafe contract that must be upheld in order to implement or call it
- Declaring that contracts have been upheld
For example, see this person’s confusion in this post: Can we get rid of the unsafe wrapper of OS functions?
It would perhaps be better if a different keyword (or keywords) were used. For example, use “unsafe contract” (or just “unsafe”) for function/trait definitions and “verified contract” (or just “verified”) for “unsafe” blocks and trait impls.
This has been bike-shedded to death, I’m sure, but since it seems to be a significant source of confusion about the “unsafety of Rust”, perhaps it is worth another go-round of discussion in the community and perhaps an RFC? Especially given the new/upcoming 2018 Edition, where keyword deprecation could reasonably be accommodated.
Any appetite for that?
Cross-Posted to Internals: https://internals.rust-lang.org/t/ambiguity-of-unsafe-causes-confusions-in-understanding/7021
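The two meanings the post distinguishes, side by side in an added Rust example (not code from the post or the linked threads). `Pod`, `read_pod_unchecked` and `read_pod` are hypothetical names chosen for illustration; the comments label each use of `unsafe` as either "declares a contract" or "asserts the contract is upheld".

```rust
use std::mem::size_of;
use std::ptr::read_unaligned;

/// Marker for types where every `size_of::<Self>()`-byte pattern is a valid value,
/// so a raw byte buffer may be reinterpreted as `Self`.
///
/// # Safety
/// Meaning 1 ("unsafe contract"): the trait *declares* an obligation. Implementors
/// promise that any bit pattern is a valid `Self`; the compiler cannot check this.
unsafe trait Pod: Copy {}

// Meaning 2 ("verified contract"): the implementor *asserts* the obligation holds.
// Every 4-byte pattern is a valid u32, so this impl is sound. A `bool` must NOT get
// this impl: only 0 and 1 are valid, so reinterpreting arbitrary bytes would be UB.
unsafe impl Pod for u32 {}

/// Reinterprets the first `size_of::<T>()` bytes of `src` as a `T`.
///
/// # Safety
/// Meaning 1 again: the function *declares* a contract the caller must uphold:
/// `src.len() >= size_of::<T>()`. Validity of the bit pattern is covered by `T: Pod`.
unsafe fn read_pod_unchecked<T: Pod>(src: &[u8]) -> T {
    // Byte slices carry no alignment guarantee for T, hence read_unaligned.
    read_unaligned(src.as_ptr() as *const T)
}

/// Safe wrapper: performs the length check, then enters an `unsafe` block.
/// Meaning 2 again: the block *asserts* that `read_pod_unchecked`'s contract is met;
/// it does not declare any new obligation for callers of `read_pod`.
fn read_pod<T: Pod>(src: &[u8]) -> Option<T> {
    if src.len() < size_of::<T>() {
        return None;
    }
    // SAFETY: length checked above; `T: Pod` guarantees any bit pattern is valid.
    Some(unsafe { read_pod_unchecked(src) })
}

fn main() {
    // Constructed sample input: little-endian 0x12345678 followed by a stray byte.
    let bytes = [0x78u8, 0x56, 0x34, 0x12, 0xff];
    println!("{:x?}", read_pod::<u32>(&bytes).map(u32::from_le)); // Some(12345678)
    println!("{:?}", read_pod::<u32>(&bytes[..3])); // None: contract would be violated
}
```

Renaming the keyword would change only the spelling of the two roles; the `// SAFETY:` comment convention is how code today records which obligation an `unsafe` block is discharging.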