TL;DR
Microsoft is enhancing memory safety in C# by redesigning the unsafe keyword to make safety contracts explicit and enforceable. The new model will be available as a preview in .NET 11 and a production release in .NET 12, aiming to improve security and code review processes.
Microsoft is implementing a significant overhaul of memory safety in C#, redesigning the unsafe keyword to make safety obligations explicit and enforceable. Running local models on an M4 with 24GB memory. This change aims to improve code review, security, and compliance in C# applications.
The new model expands the scope of the unsafe keyword from marking pointers to encompassing all code interacting with memory in ways the compiler cannot verify as safe. It introduces a safety comment style to document safety obligations, which will be enforced by the compiler.
This update is part of C# 16, which plans to release initially as a preview in .NET 11 and as a full feature in .NET 12. The redesign aims to make safety contracts visible, reviewable, and enforceable, shifting safety responsibility from implicit conventions to explicit, compiler-enforced rules.
The early implementation of the new safety model has already landed in the main branch of the C# compiler, signaling active development and testing. It aligns the language more closely with Rust’s approach, where unsafe code is marked as a contract that must be upheld by the developer.
Why It Matters
This development matters because it enhances the security and reliability of C# applications, especially those involving interop with native code or performance-critical unsafe operations. Making safety obligations explicit helps reduce bugs and vulnerabilities caused by memory errors.
Furthermore, as software development increasingly relies on AI-assisted code generation, the memory shortage is causing a repricing of consumer electronics and clear safety contracts become vital for maintaining security standards across large codebases and supply chains.
C# memory safety development books
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
Since its introduction in C# 1.0, the unsafe keyword has allowed developers to write code that interacts directly with memory, primarily for interoperability and performance. Japan memory maker Kioxia’s market cap surges on AI investment boom. Over time, other languages like Rust and Swift adopted stricter semantics for unsafe code, emphasizing safety contracts.
The current changes in C# aim to unify the unsafe model, making it more transparent and enforceable, similar to Rust’s approach. This evolution responds to industry concerns about memory safety, security vulnerabilities, and the need for better tooling to manage unsafe code.
“The redesigned unsafe keyword will make safety obligations explicit and enforceable, improving code review and security.”
— Microsoft development team
“Aligning with Rust’s semantics, the new model treats unsafe as a safety contract that developers must uphold.”
— C# language architect
unsafe keyword C# programming tools
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how widely adopted the new model will be upon release, or whether it will become the default in future C# versions. Details about tooling support and developer onboarding are still emerging.
memory safety tools for C# developers
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
The new safety model will be previewed in .NET 11, with feedback from developers shaping its final form. Waymo suspends freeway driving amid safety concerns. The full release is expected in .NET 12, with updates to development templates and tooling to support the new approach.
Further integration and documentation will follow as the community tests and adopts the new features.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is changing about the unsafe keyword in C#?
The unsafe keyword will be expanded from marking pointers to representing a safety contract that must be explicitly upheld, making unsafe operations more reviewable and enforceable by the compiler.
When will the new safety model be available?
The new model will be available as a preview in .NET 11 and is planned for a full release in .NET 12.
Will this change make unsafe code safer?
Yes. By making safety obligations explicit and enforceable, it reduces the likelihood of memory errors and security vulnerabilities caused by unsafe operations.
How does this compare to Rust’s unsafe model?
The new C# model aligns more closely with Rust’s approach, where unsafe code is marked as a contract that developers must uphold, improving clarity and safety.
Will this be enabled by default?
Initially, the new safety model will be opt-in, with potential to become the default in later releases.
Source: Hacker News
