Skip to content

RFC: Trait Implementation Privacy with permits #3903

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
HackingRepo wants to merge 4 commits into
base: master
Choose a base branch
from
Open

RFC: Trait Implementation Privacy with permits #3903

HackingRepo wants to merge 4 commits into from
+205 −0

Conversation

@HackingRepo
Copy link

@HackingRepo HackingRepo commented Jan 3, 2026
edited by rustbot
Loading

kennytm
kennytm reviewed Jan 3, 2026
View reviewed changes
text/0000-trait-permits.md
Introduce a new syntax for restricting trait implementations to specific crates:

```rust
trait Test permits mycrate_extra, crate {
Copy link
Member

@kennytm kennytm Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how does the upstream trait declaration knows the name of the downstream crate name provide the impls? any crate can call themselves mycrate_extra, so this does not prevent "malicious impls" mentioned on line 21 at all

@ehuss ehuss added T-lang Relevant to the language team, which will review and decide on the RFC. T-types Relevant to the types team, which will review and decide on the RFC. labels Jan 3, 2026
Lokathor
Lokathor reviewed Jan 3, 2026
View reviewed changes
text/0000-trait-permits.md

Accidental or malicious impls: External crates can implement traits in ways that break invariants.

Audit difficulty: It is hard to know which crates are allowed to implement a trait.
Copy link
Contributor

@Lokathor Lokathor Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is generally very simple to work out how the Orphan Rule applies. The fundamental types work a little different, but there's only a handful of such types.

@kennytm kennytm changed the title Create 0000-trait-permits.md RFC: Trait Implementation Privacy with permits Jan 4, 2026
kennytm
kennytm reviewed Jan 4, 2026
View reviewed changes
scottmcm
scottmcm reviewed Jan 4, 2026
View reviewed changes
JarredAllen
JarredAllen reviewed Jan 8, 2026
View reviewed changes
teor2345
teor2345 reviewed Jan 12, 2026
View reviewed changes
text/0000-trait-permits.md
## Motivation
Rust currently allows any downstream crate to implement traits for types they own, subject to the orphan rules. While flexible, this can lead to:

Accidental or malicious impls: External crates can implement traits in ways that break invariants.
Copy link
Contributor

@teor2345 teor2345 Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a malicious impl can cause memory safety issues, then the trait must be marked unsafe. Or rewritten to defend against malicious impls.

If it can't, then API design, documentation, assertions, and tests are usually the way this gets resolved. Are there specific scenarios where these aren't enough?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kennytm kennytm kennytm left review comments

@scottmcm scottmcm scottmcm left review comments

+3 more reviewers

@Lokathor Lokathor Lokathor left review comments

@teor2345 teor2345 teor2345 left review comments

@JarredAllen JarredAllen JarredAllen left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

T-lang Relevant to the language team, which will review and decide on the RFC. T-types Relevant to the types team, which will review and decide on the RFC.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@HackingRepo @kennytm @Lokathor @teor2345 @scottmcm @JarredAllen @ehuss