Cargo subcommand to discover why a function is unsafe.
Requires a recent enough nightly rust toolchain.
cargo whynot safe foo
Dereference raw pointers Call unsafe functions (including C functions, compiler intrinsics, and the raw allocator) Implement unsafe traits Mutate statics Access fields of unions
Because it's a fun experiment, hooking into rustc to query the drivers. You should not use this tool because unsafe code is generally bad (it's not), but you can use it to figure out if there is an opportunity to make a function "safe".
Ensure the rustc-dev and possibly llvm-tools-preview component is installed for your nightly toolchain
text
rustup component add rustc-dev llvm-tools-preview --toolchain nightly
cargo +nightly install cargo-whynot
cargo check with env:RUSTC_WORKSPACE_WRAPPER set to this binary.With the following code
```rust pub use unsafe_mod::unsafety;
pub unsafe fn foo() { let a = unsafety(); eprintln!("a: {}", a); }
pub mod unsafemod { pub unsafe fn unsafety() -> u32 { let mut a = 1; let a = std::ptr::addrof_mut!(a); // this is the unsafe part let b = *a; b } } ```
cargo whynot safe foo
will report
``text
note: Function is unsafe
┌─ src/lib.rs:3:1
│
3 │ pub unsafe fn foo() {
│ ^^^^^^^^^^^^^^^^^^^ function is unsafe because:
4 │ let a = unsafety();
│ ---------- call to unsafe functionunsafe_mod::unsafety`
help: ┌─ src/lib.rs:9:5 │ 9 │ pub unsafe fn unsafety() -> u32 { │ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ function is unsafe because: · 13 │ let b = *a; │ ^^ dereference of raw pointer │ = this function does a fundamentally unsafe operation ```
Licensed under either of Apache License, Version 2.0 or MIT license at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.