averello/swift-mirror
1
0
Fork 0
mirror of https://github.com/apple/swift.git synced 2025-12-21 12:14:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
jgrynspan/windows-GUID-hashable-6.2
swift-mirror/userdocs/diagnostics/strict-memory-safety.md
Doug Gregor da34300a44 Improve diagnostic group documentation for strict memory safety 
This both had the wrong file name (so it couldn't be found), and was a
bit out-of-date. Update it.
2025-03-28 15:05:18 -07:00

72 lines
2.3 KiB
Markdown
Raw Permalink Blame History

# Strict Memory Safety Warnings (`StrictMemorySafety`)
This diagnostic group includes warnings that identify the use of language constructs and library APIs that can undermine memory safety. They are enabled by the `-strict-memory-safety` compiler flag. Examples of memory-unsafe code in Swift include:
- Use of a function or type annotated with `@unsafe`:
```swift
func getPointee<T>(_ pointer: UnsafeMutablePointer<Int>, as type: T.Type) -> T {
// reference to unsafe global function 'unsafeBitCast'
return unsafeBitCast(pointer.pointee, to: type)
}
```
- Use of a function involving an `@unsafe` type:
```swift
func evilMalloc(size: Int) -> Int {
// use of global function 'malloc' involves unsafe type 'UnsafeMutableRawPointer'
return Int(bitPattern: malloc(size))
}
```
- Use of an entity that makes use of an unsafe language feature:
```swift
// use of an unowned(unsafe) variable is not memory-safe
unowned(unsafe) var parentNode: TreeNode<T>
```
- Definition of a type whose storage contains unsafe types:
```swift
// struct MyTemporaryBuffer has storage involving unsafe types
struct MyTemporaryBuffer<T> {
private var storage: UnsafeBufferPointer<T>
}
```
- Using an `@unsafe` operation to satisfy a safe protocol requirement:
```swift
// conformance of 'MyType' to protocol 'CustomStringConvertible' involves unsafe code
struct MyType: CustomStringConvertible {
@unsafe var description: String {
"I am unsafe!"
}
}
```
The warnings produced by strict memory safety can be suppressed by acknowledging the unsafe behaior with one of three constructs:
* `unsafe` expressions to acknowledges that there exists memory-unsafe code within the given expression, similar to the way `try` and `await` work for throwing and asynchronous functions:
```swift
func evilMalloc(size: Int) -> Int {
return unsafe Int(bitPattern: malloc(size))
}
```
* `@unsafe` attribute, which acknowledges that a type or conformance is also unsafe:
```swift
struct MyType: @unsafe CustomStringConvertible {
@unsafe var description: String {
"I am unsafe!"
}
}
```
* `@safe` attribute to indicate that an entity encapsulates the unsafe behavior to provide a safe interface:
```swift
@safe struct MyTemporaryBuffer<T> {
private var storage: UnsafeBufferPointer<T>
}
```
Reference in New Issue View Git Blame Copy Permalink