remove unsafe from serde and add #![forbid(unsafe_code)]
#2096
Comments
Skipping the additional utf8 check when you know you've only written ascii is exactly the sort of speedup situation that having
It is worth noting that this unsafe code got introduced as part of #2001 to fix a performance issue. Any reversal of this should probably check that the performance loss is acceptable.
If it's just for one instance of

```rust
//! src/lib.rs
#![cfg_attr(feature = "forbid-unsafe", forbid(unsafe_code))]

let ascii_str = str::from_utf8(&buf[.. written]).unwrap_or_else(|_err| {
    #[cfg(feature = "forbid-unsafe")]
    unreachable!("Expected ASCII bytes only: {}", _err);
    #[cfg(not(feature = "forbid-unsafe"))]
    unsafe {
        ::core::hint::unreachable_unchecked();
    }
});
serializer.serialize_str(ascii_str)
```

That way the safety-(over-)zealous people would be able to ensure
There is a draft RFC for Cargo applying patches, that makes it easier for downstream projects to customize their dependencies. This looks like a potential use case. Here's the draft: rust-lang/rfcs#3177
I would prefer not to make this change, but I do welcome scrutiny of whether any unsafe code in serde or its dependencies is correct. FWIW unsafe code in serde is probably scrutinized >10× more than the typical unsafe usage in the Rust standard library (but I still have never understood why people feel compelled to treat it so differently).
We are trying to use safe external dependencies as much as possible, meaning checked by `cargo geiger`, and we found that there is only one `unsafe` usage in serde: https://github.com/serde-rs/serde/blob/v1.0.130/serde/src/ser/impls.rs#L739

Do you think it is possible to rewrite this code without `unsafe` usage? If yes, then you could add `#![forbid(unsafe_code)]` to the lib.rs and make it safe for `cargo geiger`.

We made a temporary fork to support our needs here: https://github.com/tezedge/serde/tree/cleanup-unsafe
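Added example (not part of the issue thread and not serde's code): the trade-off under discussion, shown as a checked and an unchecked conversion of freshly formatted bytes to `&str`. The `Ipv4Addr` input, the 15-byte buffer and all function names are assumptions chosen for illustration.

```rust
use std::io::Write;
use std::net::Ipv4Addr;
use std::str;

/// Longest textual IPv4 address: "255.255.255.255".
const MAX_LEN: usize = 15;

/// Writes the Display form of `addr` into `buf`; returns the bytes written.
fn write_display(addr: Ipv4Addr, buf: &mut [u8; MAX_LEN]) -> usize {
    let mut remaining = &mut buf[..];
    write!(remaining, "{}", addr).expect("MAX_LEN covers every IPv4 address");
    MAX_LEN - remaining.len()
}

/// Checked variant: compiles under `forbid(unsafe_code)` and pays for one
/// UTF-8 validation pass over at most MAX_LEN bytes. A broken invariant
/// surfaces as an `Err` instead of undefined behaviour.
#[forbid(unsafe_code)]
fn format_checked(addr: Ipv4Addr, buf: &mut [u8; MAX_LEN]) -> Result<&str, str::Utf8Error> {
    let written = write_display(addr, buf);
    str::from_utf8(&buf[..written])
}

/// Unchecked variant: skips validation and depends on the invariant below.
fn format_unchecked(addr: Ipv4Addr, buf: &mut [u8; MAX_LEN]) -> &str {
    let written = write_display(addr, buf);
    // SAFETY: `write!` with "{}" goes through fmt::Display, which can only
    // emit `str` data, so the written prefix of `buf` is valid UTF-8.
    unsafe { str::from_utf8_unchecked(&buf[..written]) }
}

fn main() {
    // 192.0.2.1 is a documentation address (constructed sample input).
    let addr = Ipv4Addr::new(192, 0, 2, 1);
    let mut a = [0u8; MAX_LEN];
    let mut b = [0u8; MAX_LEN];
    println!("checked:   {:?}", format_checked(addr, &mut a));
    println!("unchecked: {:?}", format_unchecked(addr, &mut b));
}
```

Moving the `#[forbid(unsafe_code)]` attribute onto `format_unchecked` turns its `unsafe` block into a compile error, which is the guarantee the crate-level `#![forbid(unsafe_code)]` gives for a whole crate.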