> Can you use `unsafe` to mark off entire scopes to avoid having to redeclare it?
Yes, but, you should avoid labelling large blocks of code "unsafe" when really only a small amount is unsafe or there are disconnected unsafe bits scattered through a function.
Also, though the compiler can't tell, stylistically it's proper in Rust to justify each unsafe block, and larger blocks mean the justification is often too vague ("Access the data" thanks, but why is this OK?) or falls out of date.
The idea is: Unsafe does not mean "I expect this is wrong but I want to do it anyway" rather "I am sure this is right but the compiler doesn't understand why" and the justification explains to other humans, maintainers, reviewers, and your future self, why you believe it's right.
> The idea is: Unsafe does not mean "I expect this is wrong but I want to do it anyway" rather "I am sure this is right but the compiler doesn't understand why" and the justification explains to other humans, maintainers, reviewers, and your future self, why you believe it's right.
I'd add one more aspect to it in addition to yours: "get back to this in the future and see if we can make it not use `unstable`". It's a very good marker in the code and I hope Rust doesn't move to implicitness.
Unstable aka Nightly features in Rust also need flagging; you must annotate to tell the compiler you want this feature (and so your code won't compile in stable Rust or in any future nightly Rust which lacks the feature).
No, I don't think Rust would choose to make either nightly flags or the unsafe marker implicit.
In fact the opposite is likely: today unsafe functions have their body implicitly treated as unsafe, because you said the unsafe word at the start of the function. For short functions this seems convenient; in longer functions it would be nice to distinguish "actually needs its own safety rationale" from merely "happens to be in a function marked as unsafe".
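The style discussed in this thread, as an added example that is not from any of the posters: each `unsafe` block is kept to the single operation that needs it and carries its own `SAFETY:` justification, and the `unsafe_op_in_unsafe_fn` lint is enabled so the body of an `unsafe fn` is not implicitly unsafe. The function names (`sum_raw`, `sum_slice`, `first_and_last`) are hypothetical.

```rust
/// Sum `n` consecutive `u32`s starting at `ptr`.
///
/// # Safety
/// `ptr` must be non-null, aligned, and valid for reads of `n` `u32`s.
#[deny(unsafe_op_in_unsafe_fn)] // unsafe ops in this body now need their own block
pub unsafe fn sum_raw(ptr: *const u32, n: usize) -> u32 {
    let mut total = 0u32; // ordinary safe code, fully checked by the compiler
    for i in 0..n {
        // SAFETY: i < n, and the caller guarantees `ptr` is valid for n reads.
        let v = unsafe { *ptr.add(i) };
        total = total.wrapping_add(v);
    }
    total
}

/// Safe wrapper: the slice itself proves the contract of `sum_raw`.
pub fn sum_slice(data: &[u32]) -> u32 {
    // SAFETY: a slice pointer is non-null, aligned, and valid for
    // `data.len()` reads for as long as `data` is borrowed.
    unsafe { sum_raw(data.as_ptr(), data.len()) }
}

/// Two disconnected unsafe operations get two small blocks, each with
/// its own rationale, instead of one block spanning the function.
pub fn first_and_last(data: &[u8]) -> Option<(u8, u8)> {
    if data.is_empty() {
        return None;
    }
    // SAFETY: the slice is non-empty, so index 0 is in bounds.
    let first = unsafe { *data.get_unchecked(0) };
    let last_idx = data.len() - 1; // safe arithmetic stays outside any unsafe block
    // SAFETY: len >= 1, so len - 1 is in bounds.
    let last = unsafe { *data.get_unchecked(last_idx) };
    Some((first, last))
}

fn main() {
    assert_eq!(sum_slice(&[1, 2, 3]), 6);
    assert_eq!(first_and_last(b"abc"), Some((b'a', b'c')));
}
```

Removing the inner `unsafe { ... }` in `sum_raw` turns the dereference into a compile error under this lint, which is the distinction the last comment asks for.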