From 8c27bfb4f50867af95f3d91a860048de47a638c5 Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Fri, 7 Jun 2024 08:27:30 -0700 Subject: [PATCH 1/3] Add 2024 unsafe functions --- src/SUMMARY.md | 1 + src/rust-2024/newly-unsafe-functions.md | 63 +++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 src/rust-2024/newly-unsafe-functions.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 3356883..db16540 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -40,6 +40,7 @@ - [Rust 2024 🚧](rust-2024/index.md) - [Additions to the prelude](rust-2024/prelude.md) - [Add `IntoIterator` for `Box<[T]>`](rust-2024/intoiterator-box-slice.md) + - [Newly unsafe functions](rust-2024/newly-unsafe-functions.md) - [`unsafe_op_in_unsafe_fn` warning](rust-2024/unsafe-op-in-unsafe-fn.md) - [RPIT lifetime capture rules](rust-2024/rpit-lifetime-capture.md) - [Disallow references to `static mut`](rust-2024/static-mut-reference.md) diff --git a/src/rust-2024/newly-unsafe-functions.md b/src/rust-2024/newly-unsafe-functions.md new file mode 100644 index 0000000..73be908 --- /dev/null +++ b/src/rust-2024/newly-unsafe-functions.md 
@@ -0,0 +1,63 @@ +# Unsafe functions + +🚧 The 2024 Edition has not yet been released and hence this section is still "under construction". +More information may be found in the tracking issue at . + +## Summary + +- The following functions are now marked [`unsafe`]: + - [`std::env::set_var`] + - [`std::env::remove_var`] + +[`unsafe`]: ../../reference/unsafe-keyword.html#unsafe-functions-unsafe-fn +[`std::env::set_var`]: ../../std/env/fn.set_var.html +[`std::env::remove_var`]: ../../std/env/fn.remove_var.html + +## Details + +It can be unsound to call [`std::env::set_var`] or [`std::env::remove_var`] in a multi-threaded program due to safety limitations of the way the process environment is handled on some platforms. The standard library originally defined these as safe functions, but it was later determined that was not correct. + +It is important to ensure that these functions are not called when any other thread might be running. See the [Safety] section of the function documentation for more details. + +Ordinarily it would be a backwards-incompatible change to add `unsafe` to these functions. To address that problem, they are marked as `unsafe` only in the 2024 Edition. + +[Safety]: ../../std/env/fn.set_var.html#safety + +## Migration + +To make your code compile in both the 2021 and 2024 editions, you will need to make sure that `set_var` and `remove_var` are called only from within `unsafe` blocks. + +**⚠ Caution**: It is important that you manually inspect the calls to `set_var` and `remove_var` and possibly rewrite your code to satisfy the preconditions of those functions. In particular, they should not be called if there might be multiple threads running. You may need to elect to use a different mechanism other than environment variables to manage your use case. + +The [`deprecated_safe_2024`] lint will automatically modify any use of `set_var` or `remove_var` to be wrapped in an `unsafe` block so that it can compile on both editions. 
This lint is part of the `rust-2024-compatibility` lint group, which will automatically be applied when running `cargo fix --edition`. To migrate your code to be Rust 2024 Edition compatible, run: + +```sh +cargo fix --edition +``` + +For example, this will change: + +```rust +fn main() { + std::env::set_var("FOO", "123"); +} +``` + +to be: + +```rust +fn main() { + unsafe { std::env::set_var("FOO", "123") }; +} +``` + +Just beware that this automatic migration will not be able to verify that these functions are being used correctly. It is still your responsibility to manually review their usage. + +Alternatively, you can manually enable the lint to find places these functions are called: + +```rust +// Add this to the root of your crate to do a manual migration. +#![warn(deprecated_safe_2024)] +``` + +[`deprecated_safe_2024`]: ../../rustc/lints/listing/allowed-by-default.html#deprecated-safe From 455dcc6149a5205057a0ca1b5bed0357690d956a Mon Sep 17 00:00:00 2001 From: Eric Huss Date: Mon, 17 Jun 2024 07:55:43 -0700 Subject: [PATCH 2/3] Add `CommandExt::before_exec` --- src/rust-2024/newly-unsafe-functions.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/rust-2024/newly-unsafe-functions.md b/src/rust-2024/newly-unsafe-functions.md index 73be908..378bd4c 100644 --- a/src/rust-2024/newly-unsafe-functions.md +++ b/src/rust-2024/newly-unsafe-functions.md @@ -8,28 +8,43 @@ More information may be found in the tracking issue at Date: Thu, 27 Jun 2024 09:37:06 -0700 Subject: [PATCH 3/3] Add TODO comment added by rustc. Co-authored-by: Tobias Bucher --- src/rust-2024/newly-unsafe-functions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rust-2024/newly-unsafe-functions.md b/src/rust-2024/newly-unsafe-functions.md index 378bd4c..41e5bcc 100644 --- a/src/rust-2024/newly-unsafe-functions.md +++ b/src/rust-2024/newly-unsafe-functions.md 
@@ -62,6 +62,7 @@ to be: ```rust fn main() { + // TODO: Audit that the environment access only happens in single-threaded code. unsafe { std::env::set_var("FOO", "123") }; } ```
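Review bot: in the new `src/rust-2024/newly-unsafe-functions.md` (PATCH 1/3), the Migration section presents `unsafe { std::env::set_var("FOO", "123") };` as the result that makes code "compile on both editions", but nothing in that example establishes the precondition the Details section describes (no other thread may be running), so the worked example reads as a complete fix while the caution paragraph says it is not. Consider placing the "⚠ Caution" paragraph before the `cargo fix --edition` instructions, or adding a line under the "to be:" example saying the `unsafe` block only records a precondition the author still has to verify. Two smaller points in the same hunk: the sentence "More information may be found in the tracking issue at ." has lost its link target and should point at the tracking issue before merge, and `[Safety]: ../../std/env/fn.set_var.html#safety` links only to `set_var` although the prose refers to "the function documentation" for both `set_var` and `remove_var`.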
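Review bot: the hunk `@@ -8,28 +8,43 @@` of PATCH 2/3 carries only its header; the 20 insertions and 5 deletions the diffstat reports, which the subject says add `CommandExt::before_exec` to the list of newly unsafe functions, are not present in the patch as posted, so that change cannot be reviewed from what is here. Please resend with the hunk body intact, and when it is, the Summary list, the link reference definitions and the Migration section should all be updated consistently, since the current text names only `set_var` and `remove_var`.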
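Review bot: the added `// TODO: Audit that the environment access only happens in single-threaded code.` line in the "to be:" example (PATCH 3/3) is not explained by the surrounding prose, which still says only that the lint wraps the call in an `unsafe` block; a reader cannot tell whether `cargo fix --edition` emits this comment (as the commit subject states) or whether they are expected to write it themselves. Add a sentence after the example stating that the automatic migration inserts this TODO and that it should be removed only once the call site has been audited, which also ties the example back to the caution paragraph about multiple threads.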