Anybody know of any good resources on when it's ok to mark @rustlang functions that use unsafe code as safe? I feel like while there's been some good highly technical analysis, there's not a ton of resources on how to think about `unsafe`.
Replying to @degausser42 @ryan_levick and
I know I've adopted a hard line on this question, and would agree with upstream. If a caller calling the function can cause UB, then the function must be "unsafe." When wrapping COM APIs, that's a lot of things. I'd guess most wrapped COM will need to have lots of unsafe.
1 reply 0 retweets 2 likes
Replying to @raphlinus @degausser42 and
You might ask, "why don't existing COM wrapper libraries like direct2d-rs and dwrote expose unsafe?" I'd argue it's because they're riddled with safety bugs. There are other people who might argue "it's only technical UB," but I'd say they're wrong.
2 replies 0 retweets 0 likes
Replying to @raphlinus @degausser42 and
Other libraries have taken a different approach. It can be argued that ash is more successful than vulkano precisely because it doesn't try to hide the inherent unsafety of Vulkan.
1 reply 0 retweets 0 likes
A blog post is probably a better place for this than a Twitter rant. I have a doc with an outline for it (shared with Ryan already) but limited time to blog these days :/
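
The rule stated earlier in the thread (if a caller can cause UB, the function must be `unsafe`), shown as an added Rust example that is not from any participant in the thread. `raw_read` is a hypothetical stand-in for a foreign call such as a COM method that trusts its arguments; all names are assumptions.

```rust
/// Hypothetical stand-in for a foreign call that trusts its arguments.
///
/// # Safety
/// `ptr` must point to at least `index + 1` readable, initialized `u32` values.
unsafe fn raw_read(ptr: *const u32, index: usize) -> u32 {
    unsafe { *ptr.add(index) }
}

/// UNSOUND: the signature is safe, yet a caller can pass `index >= buf.len()`
/// and trigger an out-of-bounds read (UB) without ever writing `unsafe`.
#[allow(dead_code)]
pub fn read_unsound(buf: &[u32], index: usize) -> u32 {
    unsafe { raw_read(buf.as_ptr(), index) }
}

/// Honest: the caller can cause UB, so the function is `unsafe`
/// and documents the contract the caller must uphold.
///
/// # Safety
/// `index` must be less than `buf.len()`.
pub unsafe fn read_unchecked(buf: &[u32], index: usize) -> u32 {
    unsafe { raw_read(buf.as_ptr(), index) }
}

/// Sound: the wrapper enforces the invariant itself, so no input
/// from safe code can reach the UB.
pub fn read_checked(buf: &[u32], index: usize) -> Option<u32> {
    if index < buf.len() {
        // SAFETY: `index` was just checked against the slice length.
        Some(unsafe { raw_read(buf.as_ptr(), index) })
    } else {
        None
    }
}

fn main() {
    let data = [10u32, 20, 30]; // constructed sample input
    assert_eq!(read_checked(&data, 1), Some(20));
    assert_eq!(read_checked(&data, 3), None);
    // SAFETY: 2 < data.len()
    assert_eq!(unsafe { read_unchecked(&data, 2) }, 30);
}
```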