Skip to content

Commit 3ac2da3

Browse files
zjp-CNzjp-CN
committed
alternativs: compared to Clippy lint danger_not_accepted 
1 parent 4aaba41 commit 3ac2da3

File tree

1 file changed

+32
-0
lines changed

1 file changed

+32
-0
lines changed

text/0000-safety-tags.md

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -538,6 +538,38 @@ unsafe { ptr::read(elem) }
538538
unsafe { ptr::read(elem) }
539539
```
540540

541+
## Clippy lint `danger_not_accepted`
542+
543+
The Clippy PR [#11600] attempted to introduce a new lint called `danger_not_accepted`, which is
544+
similar to safety tags but has several key differences:
545+
546+
- **Attribute Names**: `#[clippy::dangerous]` vs. `#[safety::requires]`; `#[clippy::accept_danger]`
547+
vs. `#[safety::checked]`.
548+
- **Applicability**: Danger attributes can be applied to safe code and modules, whereas safety tags
549+
are specifically for unsafe operations. However, [entity-reference] might eventually support safe
550+
code in the future.
551+
- **Lint Levels and Names**: Danger lint levels and names can be controlled at the module level,
552+
while safety tags are controlled by `#[level(clippy::safety_requires)]` and
553+
`#[level(clippy::safety_checked)]`, where the level can be `deny`, `allow`, or `warn`.
554+
- **Naming Conventions**: Danger names are path-based, while tag names are limited to unsafe APIs or
555+
operations. There was some discussion in earlier iterations of this RFC about whether names should
556+
be path-based, but we opted for this approach because it is simpler and avoids collisions.
557+
558+
The PR was closed due to inactivity. However, I found some interesting insights:
559+
560+
- It was discussed in a [weekly meeting][clippy-danger], where @flip1995 summarized, "I'm not
561+
opposed to the idea, but to add this to Clippy, we must ensure it produces good diagnostics
562+
(reason field) and works across crates."
563+
- Our proposal meets these criteria because definitions will be displayed if tags are not checked,
564+
and as long as an unsafe function can be called, its tags will be available, ensuring they work
565+
across crates.
566+
- Rustc developers have also expressed interest in this lint, as seen in
567+
[this discussion][rustc-danger].
568+
569+
[#11600]: https://github.com/rust-lang/rust-clippy/pull/11600
570+
[clippy-danger]: https://rust-lang.zulipchat.com/#narrow/channel/257328-clippy/topic/Meeting.202023-10-03/near/394654500
571+
[rustc-danger]: https://github.com/rust-lang/rust/pull/126326#issuecomment-2165339577
572+
541573
# Prior art
542574
[prior-art]: #prior-art
543575

0 commit comments

Comments
 (0)