From 9c985153df7543cfd0a7770db28a96bfcb649e08 Mon Sep 17 00:00:00 2001 From: Andy Gocke Date: Tue, 24 Mar 2026 20:18:44 -0700 Subject: [PATCH 1/2] Update memory-safety with known issues Clarified the discussion on resource lifetime and reflection in the context of memory safety. --- accepted/2025/memory-safety/caller-unsafe.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/accepted/2025/memory-safety/caller-unsafe.md b/accepted/2025/memory-safety/caller-unsafe.md index c494963e2..65bf01b45 100644 --- a/accepted/2025/memory-safety/caller-unsafe.md +++ b/accepted/2025/memory-safety/caller-unsafe.md @@ -156,7 +156,9 @@ According to the above definition, there are two valid constructors: the explici These data races are considered fundamental to the .NET type system. The safe subset of C# does not protect against them. -- Resource lifetime. Some code patterns, like object pools, require manual lifetime management. When this management is done incorrectly bad behaviors can occur, including improper memory reuse. Notably, none of those behaviors include invalid memory access, although it can include symptoms that look like memory corruption. Because invalid memory access is not possible, this is considered safe. +- Resource lifetime. Some code patterns, like object pools, require manual lifetime management. When this management is done incorrectly bad behaviors can occur, including improper memory reuse. Notably, none of those behaviors include invalid memory access, although it can include symptoms that look like memory corruption. Because invalid memory access is not possible, this is considered safe. Any resource lifetime issues that can cause invalid memory access _are_ considered unsafe. + +- Reflection. Reflection is a known hole in the current unsafe model. Reflection can be used to call unsafe methods or access unsafe properties without the reflection code containing any unsafe blocks. This may be addressed a future proposal. ### Evolution 
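Review bot: In the Resource lifetime bullet, the added sentence "Any resource lifetime issues that can cause invalid memory access _are_ considered unsafe" directly follows "Because invalid memory access is not possible, this is considered safe", so the bullet now says in consecutive sentences that invalid access is impossible and that some lifetime issues can cause it. Consider scoping the earlier claim to the patterns it was written for (object pools and similar reuse of live managed objects), so the new sentence reads as the boundary of the rule rather than a contradiction of it. Separately, in the new Reflection bullet, "This may be addressed a future proposal" is missing "in".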
From 129b748560ec85534af3a63adbe335b2baa7861a Mon Sep 17 00:00:00 2001 From: Andy Gocke Date: Wed, 25 Mar 2026 13:37:05 -0700 Subject: [PATCH 2/2] Update accepted/2025/memory-safety/caller-unsafe.md Co-authored-by: Jan Kotas --- accepted/2025/memory-safety/caller-unsafe.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accepted/2025/memory-safety/caller-unsafe.md b/accepted/2025/memory-safety/caller-unsafe.md index 65bf01b45..92276c18a 100644 --- a/accepted/2025/memory-safety/caller-unsafe.md +++ b/accepted/2025/memory-safety/caller-unsafe.md @@ -158,7 +158,7 @@ These data races are considered fundamental to the .NET type system. The safe su - Resource lifetime. Some code patterns, like object pools, require manual lifetime management. When this management is done incorrectly bad behaviors can occur, including improper memory reuse. Notably, none of those behaviors include invalid memory access, although it can include symptoms that look like memory corruption. Because invalid memory access is not possible, this is considered safe. Any resource lifetime issues that can cause invalid memory access _are_ considered unsafe. -- Reflection. Reflection is a known hole in the current unsafe model. Reflection can be used to call unsafe methods or access unsafe properties without the reflection code containing any unsafe blocks. This may be addressed a future proposal. +- Reflection. Reflection is a known hole in the current unsafe model. Reflection can be used to call unsafe methods or access unsafe properties without the reflection code containing any unsafe blocks. A simple solution to close this hole would be to mark reflection invoke APIs as unsafe. We believe that doing so would be too difficult to adopt in user code. This may be addressed in a future proposal. ### Evolution
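Review bot: In the Reflection bullet, the closing "This may be addressed in a future proposal" now follows the two inserted sentences, so "This" can be read as the adoption difficulty rather than the hole itself. Suggest rewording it to "Closing this hole may be addressed in a future proposal". The bullet would also be easier to act on if it said which "reflection invoke APIs" are meant and gave one sentence on why marking them unsafe is "too difficult to adopt in user code", since as written a reader auditing for unsafe code learns that reflection bypasses the model but not what to look for.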