Anybody know of any good resources on when it's ok to mark @rustlang functions that use unsafe code as safe? I feel like while there's been some good highly technical analysis, there's not a ton of resources of how to think about `unsafe`.
Replying to @ryan_levick @rustlang
I'd define it as: "it's okay to mark it as safe when the external API no longer requires you to manually uphold the safety guarantees". This can be either because it's guaranteed to always work, or, like in the case of bounds checks, because it makes sure it panics for invalid parameters.
An interesting example of "what should be marked unsafe?" is Vec's `unsafe fn set_len`. In itself setting the length of a vector is not unsafe. It will never *not* succeed. It's only when you read the vec back out that you can get an out of bounds read. https://doc.rust-lang.org/std/vec/struct.Vec.html#method.set_len
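To make both points above concrete (a safe wrapper is one where the caller can no longer break the invariant, and a bounds check that panics is one legitimate way to get there), here is an added example that is not from the thread or from the Rust standard library. It builds two safe functions on top of the unsafe `Vec::set_len` from the tweet; the function names `shrink_checked` and `grow_filled` are my own.

```rust
// Added example: two safe wrappers around the unsafe `Vec::set_len`.
// The invariant `set_len` asks callers to uphold is "every element below
// `len` is initialised". Each wrapper discharges that obligation itself,
// so its own signature can be safe.

/// Shrink `v` to `new_len` elements.
/// Safe because the only path to `set_len` goes through a bounds check:
/// an invalid argument panics instead of leaving `len` past the
/// initialised region. Restricted to `u8` so that lowering `len`
/// cannot skip a destructor (u8 has none).
pub fn shrink_checked(v: &mut Vec<u8>, new_len: usize) {
    assert!(
        new_len <= v.len(),
        "shrink_checked: new_len {} exceeds len {}",
        new_len,
        v.len()
    );
    // SAFETY: new_len <= len, so elements 0..new_len are already
    // initialised, and u8 has no Drop impl, so nothing is leaked.
    unsafe { v.set_len(new_len) };
}

/// Grow `v` to `new_len` elements, writing `fill` into every new slot.
/// Safe because `set_len` is only called *after* the new tail has been
/// initialised; that is exactly the proof a raw `set_len` caller would
/// otherwise have to supply, and the one whose absence turns a later
/// read of the Vec into an out-of-bounds / uninitialised read.
pub fn grow_filled(v: &mut Vec<u8>, new_len: usize, fill: u8) {
    let old_len = v.len();
    if new_len <= old_len {
        return; // nothing to do; never shrink here
    }
    v.reserve(new_len - old_len);
    // spare_capacity_mut() exposes the uninitialised tail as MaybeUninit<u8>
    // without ever creating a `&mut [u8]` over uninitialised memory.
    for slot in &mut v.spare_capacity_mut()[..new_len - old_len] {
        slot.write(fill);
    }
    // SAFETY: reserve() guarantees capacity >= new_len, and the loop above
    // initialised every slot in old_len..new_len.
    unsafe { v.set_len(new_len) };
}

fn main() {
    let mut v = vec![1u8, 2, 3];
    grow_filled(&mut v, 6, 0xAA);
    println!("{:?}", v); // [1, 2, 3, 170, 170, 170]
    shrink_checked(&mut v, 2);
    println!("{:?}", v); // [1, 2]
}
```

The contrast with a bare `pub fn` that just forwards to `set_len` is the whole point: such a function would compile, and calling it would even "succeed", but the first `&v[..]` afterwards is where the undefined behaviour surfaces. Because the reader of the Vec can be arbitrarily far from the call that lied about `len`, the obligation has to be settled at the boundary, either by doing the initialisation (`grow_filled`) or by refusing the call (`shrink_checked`).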
Replying to @yoshuawuyts @rustlang
This is a good example that I will use if I actually manage to get this blog post/these blog posts written :-P
Nice! -- I got this example from Boats btw, if you want to credit anyone (: