Anybody know of any good resources on when it's ok to mark @rustlang functions that use unsafe code as safe? I feel like while there's been some good highly technical analysis, there's not a ton of resources of how to think about `unsafe`.
I agree with your definition. The issue lies in the subtlety of what constitutes an API and what evidence you need in order to be sure that all safety guarantees are upheld. I think there's a lot there that I haven't really seen explored.
If it's possible to write code NOT containing `unsafe` that calls into your library and causes UB without the compiler rejecting such code, then the function MUST be marked `unsafe`. Being sure about it is a whole different story.
An interesting example of "what should be marked unsafe?" is Vec's `unsafe fn set_len`. In itself, setting the length of a vector is not unsafe. It will never *not* succeed. It's only when you read the vec back out that you can get an out-of-bounds read. https://doc.rust-lang.org/std/vec/struct.Vec.html#method.set_len
This is a good example that I will use if I actually manage to get this blog post/these blog posts written :-P
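Applying the rule from the thread (safe code must not be able to reach UB through your API) to a `Vec::set_len`-style wrapper, as an added example that is not code from anyone in the thread; `ByteBuf` and its methods are hypothetical:

```rust
// Added example: the same operation exposed three ways. Only the first is
// unsound; it is left commented out so the crate stays sound.

/// Growable byte buffer. Invariant: `data[..len]` is initialized.
pub struct ByteBuf {
    data: Vec<u8>,
}

impl ByteBuf {
    pub fn with_capacity(cap: usize) -> Self {
        ByteBuf { data: Vec::with_capacity(cap) }
    }

    // UNSOUND: safe signature, yet a caller with no `unsafe` could pass
    // `new_len > capacity()` or expose never-written bytes via `as_slice()`.
    // pub fn set_len(&mut self, new_len: usize) { unsafe { self.data.set_len(new_len) } }

    /// Sound: the contract is now part of the signature, so any UB is the
    /// caller's `unsafe` block, not this library's.
    ///
    /// # Safety
    /// `new_len <= self.capacity()` and `data[..new_len]` must be initialized.
    pub unsafe fn set_len(&mut self, new_len: usize) {
        // SAFETY: forwarded to the caller, who upholds Vec::set_len's contract.
        unsafe { self.data.set_len(new_len) }
    }

    /// Sound *and* safe: this function establishes the invariant itself
    /// (zero-fills any new bytes), so no caller can reach UB through it.
    pub fn resize_zeroed(&mut self, new_len: usize) {
        self.data.resize(new_len, 0);
    }

    pub fn as_slice(&self) -> &[u8] { &self.data }
    pub fn capacity(&self) -> usize { self.data.capacity() }
}

/// A legitimate use of the `unsafe fn`: write into spare capacity first,
/// then commit the length. Returns the committed length.
pub fn fill_then_commit(buf: &mut ByteBuf, bytes: &[u8]) -> usize {
    assert!(bytes.len() <= buf.capacity(), "caller must size the buffer");
    let spare = buf.data.spare_capacity_mut(); // &mut [MaybeUninit<u8>]
    for (slot, b) in spare.iter_mut().zip(bytes) {
        slot.write(*b);
    }
    // SAFETY: bytes.len() <= capacity (asserted above) and exactly those
    // bytes were just written, so data[..bytes.len()] is initialized.
    unsafe { buf.set_len(bytes.len()) }
    buf.as_slice().len()
}
```

Reviewing a wrapper like this, the check is simply: can a downstream crate with `#![forbid(unsafe_code)]` violate the `data[..len]` invariant? If yes, the method needs the `unsafe` keyword.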