Graydon Hoare on Nostr: I guess this is kinda whining but: the point of `unsafe` in Rust is to let you expose ...
I guess this is kinda whining but: the point of `unsafe` in Rust is to let you expose a (statically-or-dynamically) _safe interface_ to an _unsafe implementation_. I.e. a situation where the (small, local) implementation can be audited carefully, once, and then used (broadly, from wherever) without concern because the interface doesn't allow misuse.
If instead you expose an interface that lets any client scribble over memory "if they use the interface wrong" -- say your API is "integer handles" and your implementation is "unchecked index into buffer" -- you have made the entire program unsafe, and I am personally, officially, sternly disapproving.
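The "integer handles over an unchecked index" case from the post, next to a checked version, as an added example that is not part of the original post or the author's code. The names `UnsoundTable`, `Table` and `Handle` are hypothetical.

```rust
// Added illustration; UnsoundTable, Table and Handle are hypothetical names.

/// Unsound: a safe signature over an unchecked index. Any caller can pass a
/// made-up handle and read out of bounds without ever writing `unsafe`.
#[allow(dead_code)]
pub struct UnsoundTable { pub buf: Vec<u32> }

#[allow(dead_code)]
impl UnsoundTable {
    pub fn get(&self, handle: usize) -> u32 {
        // Nothing relates `handle` to `buf.len()`: UB when handle >= len.
        unsafe { *self.buf.get_unchecked(handle) }
    }
}

/// Opaque handle: the field is private, so code outside this module can only
/// obtain one from `Table::insert`, never forge one from an integer.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Handle(usize);

#[derive(Default)]
pub struct Table { buf: Vec<u32> }

impl Table {
    pub fn insert(&mut self, value: u32) -> Handle {
        self.buf.push(value);
        Handle(self.buf.len() - 1)
    }

    /// Dynamically safe: a handle issued by a different, larger table is
    /// rejected instead of indexing past the end of this buffer.
    pub fn get(&self, h: Handle) -> Option<u32> {
        if h.0 >= self.buf.len() {
            return None;
        }
        // SAFETY: h.0 < self.buf.len() was checked just above.
        Some(unsafe { *self.buf.get_unchecked(h.0) })
    }
}

fn main() {
    let (mut small, mut big) = (Table::default(), Table::default());
    let a = small.insert(10);
    big.insert(1);
    let foreign = big.insert(2); // index 1, out of range for `small`
    println!("{:?} {:?}", small.get(a), small.get(foreign));
}
```

In `Table`, the only `unsafe` line depends on a check two lines above it, so the audit is local; in `UnsoundTable`, the same line is only correct if every caller in the program behaves.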