On 2/5/2015 7:39 PM, Zach the Mystic wrote:
> On Friday, 6 February 2015 at 03:14:59 UTC, Walter Bright wrote:
>> I don't see how any proposal can work unless it specifies a safe interface to
>> an unsafe section of code. (I read a Rust tutorial that rather bluntly pointed
>> this out as well.)
>
> Link?

"A non-unsafe function using unsafe internally should be implemented to be safe
to call; that is, there is no circumstance or set of arguments that can make the
function violate any invariants. If there are such circumstances, it should be
marked unsafe."

"However, this is not the case, unsafe is just an implementation detail; if a
safe function uses unsafe internally, it just means the author has been forced
to step around the type system, but still exposes a safe interface."
http://huonw.github.io/blog/2014/07/what-does-rusts-unsafe-mean/
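
The rule quoted above, shown as an added Rust example that is not part of the original message or the linked blog post. The function names `split_pair_mut` and `split_pair_mut_unchecked` are hypothetical; the first exposes a safe interface over an unsafe body, the second cannot and is therefore marked `unsafe`.

```rust
use std::slice;

/// Safe interface: every argument is either handled correctly or rejected
/// before the unsafe block runs, so no caller can break memory safety.
pub fn split_pair_mut(v: &mut [u32], mid: usize) -> Option<(&mut [u32], &mut [u32])> {
    let len = v.len();
    if mid > len {
        return None; // this check is what makes the unsafe block sound
    }
    let ptr = v.as_mut_ptr();
    // SAFETY: mid <= len, so [0, mid) and [mid, len) are in bounds and
    // disjoint; the two returned slices never alias.
    unsafe {
        Some((
            slice::from_raw_parts_mut(ptr, mid),
            slice::from_raw_parts_mut(ptr.add(mid), len - mid),
        ))
    }
}

/// Same body without the check: some arguments (mid > len) lead to an
/// out-of-bounds slice, so the function itself must be marked `unsafe`.
///
/// # Safety
/// The caller must guarantee `mid <= v.len()`.
pub unsafe fn split_pair_mut_unchecked(v: &mut [u32], mid: usize) -> (&mut [u32], &mut [u32]) {
    let len = v.len();
    let ptr = v.as_mut_ptr();
    unsafe {
        (
            slice::from_raw_parts_mut(ptr, mid),
            slice::from_raw_parts_mut(ptr.add(mid), len - mid),
        )
    }
}

fn main() {
    let mut data = [1u32, 2, 3, 4, 5]; // constructed sample input
    if let Some((a, b)) = split_pair_mut(&mut data, 2) {
        a[0] = 10; // both halves are writable at the same time
        b[0] = 30;
    }
    println!("{:?}", data);
    // An out-of-range split is refused instead of reaching the unsafe code.
    println!("{}", split_pair_mut(&mut data, 6).is_none());
    // The unchecked variant can only be called inside an unsafe block,
    // which moves the proof obligation to the caller.
    let (a, b) = unsafe { split_pair_mut_unchecked(&mut data, 5) };
    println!("{} {}", a.len(), b.len());
}
```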