TL;DR
Microsoft is redesigning the unsafe keyword in C# to make memory safety contracts clearer and enforceable. The new model, expected in .NET 11 and 12, aims to improve security and code review for unsafe operations.
Microsoft is implementing a significant update to C# memory safety by redesigning the unsafe keyword to explicitly communicate safety obligations, starting with a preview in .NET 11 and a full release in .NET 12.
The new model expands the scope of the unsafe keyword from marking pointers to encompassing any code that interacts with memory in ways the compiler cannot verify as safe. The unsafe keyword will now serve as a contract, with the compiler enforcing that unsafe operations are properly encapsulated and reviewed. This change aims to make safety assumptions more transparent and reviewable, reducing risks associated with unsafe code. The early implementation has already landed in the main branch of the C# compiler, with plans to release the feature as an opt-in in the upcoming .NET 11 preview, becoming the default in .NET 12. The redesign aligns C# more closely with Rust’s approach, emphasizing explicit safety contracts over implicit conventions. Most developers will not notice immediate changes unless they actively use unsafe APIs, but the broader surface area of unsafe code will be subject to stricter review and enforcement.
Why It Matters
This update is important because it enhances memory safety in C# programs, which is critical given the rising importance of security and the proliferation of AI-assisted code generation. By making safety contracts explicit, the new model reduces the likelihood of undefined behavior and security vulnerabilities caused by unsafe memory access. It also supports industry and government standards for safer software development, especially in contexts where memory safety is paramount.
C# unsafe code review tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
C# introduced the unsafe keyword in version 1.0 to allow pointer operations within specific contexts. Over time, unsafe has been used for interop and performance-critical code, but its semantics have been loosely defined. Other languages like Rust and Swift have adopted stricter, propagation-oriented semantics for their unsafe features. Microsoft’s new approach in C# aims to unify and clarify this model, making unsafe code more transparent and reviewable. The upcoming changes follow ongoing efforts to improve .NET’s structural safety mechanisms, including bounds checking and null safety, to create a more secure development environment.
“The unsafe keyword will now serve as a safety contract, with the compiler enforcing proper encapsulation and review, making safety assumptions explicit.”
— Microsoft C# team
“The new safety model will initially be opt-in, with plans to make it the default in future releases, aligning C# with modern safety practices.”
— Microsoft spokesperson
Zig Language for Low-Level Engineering: C Replacement with Memory Safety, Cross-Compilation, and Embedded Support
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how widely adoption will be in the initial phases, or how existing codebases will transition to the new model. Details on tooling support and developer workflows are still emerging.
Key control log book: Key Checkout Tracking System for Business & Personal Use | 8.5" x 11" | 120 pages.
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Microsoft will release a preview of the new safety model in .NET 11, allowing developers to test and provide feedback. The feature is expected to become the default in .NET 12, with updates to development templates and tooling support. Further details on migration strategies and best practices are anticipated in upcoming developer documentation and community discussions.
Advanced C++ Memory Techniques: Efficiency and Safety (Advanced C++ Programming Book 6)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is the main change to the unsafe keyword in C#?
The unsafe keyword will now act as a safety contract, with the compiler enforcing that unsafe operations are properly encapsulated and reviewable, rather than just marking pointer code.
When will the new memory safety model be available?
A preview will be released in .NET 11, with full adoption expected in .NET 12 as the default safety model.
Will existing unsafe code need to be rewritten?
It is not yet clear how migration will be handled, but initial plans suggest that existing code can continue to work, with optional updates to adopt the new safety contracts.
How does this compare to unsafe features in Rust or Swift?
The new C# model aligns more with Rust’s approach, emphasizing explicit safety contracts and reviewability, whereas earlier C# unsafe code was more implicit.
Source: Hacker News
