Anybody know of any good resources on when it's ok to mark @rustlang functions that use unsafe code as safe? I feel like while there's been some good highly technical analysis, there's not a ton of resources on how to think about `unsafe`.
You might ask, "why don't existing COM wrapper libraries like direct2d-rs and dwrote expose unsafe?" I'd argue it's because they're riddled with safety bugs. There are other people who might argue "it's only technical UB," but I'd say they're wrong.
I agree with you completely. We tried to generate safe wrappers for COM. I don’t believe it’s possible unless your methods take only Copy arguments and you assume that IUnknown is implemented properly.
The question for COM becomes, can you assume proper IUnknown implementations if you don’t know ahead of time what CoClass is actually backing those implementations?
Other libraries have taken a different approach. It can be argued that ash is more successful than vulkano precisely because it doesn't try to hide the inherent unsafety of Vulkan.
A blog post is probably a better place for this than a Twitter rant. I have a doc with an outline for it (shared with Ryan already) but limited time to blog these days :/