> I'm quite sure that every line of the wxWidgets wrapper is "unsafe" \--
> that's the nature of wrapper code, this code doesn't get better when every
> 2nd line is a new unsafe: block.
I'm not familiar with wxWidgets so I can't speak about that API. But **the
point of Rust 's ``unsafe`` is not that you just wrap it around something to
make the compile error/warning go away!** It's a contract stating that you've
addressed the unsafe conditions and made the code inside the block actually
safe. (The name is misleading. Something like `actually_safe` would be better.)
Using the above `crypt` function as a simple example:
proc crypt(phrase, salt: cstring): cstring {.cdecl, importc, dynlib:
"libcrypt.so".}
proc safeCrypt(phrase, salt: string): string =
unsafe:
let ciphertext = crypt(phrase, salt)
if ciphertext == nil: raise newException( ...... )
return cast[string](ciphertext)
Run
Here sanitizing the input is implicit because of course a `string` never
converts to a nil `cstring`. The output is sanitized by checking for nil and
throwing something appropriate.
I'm sure to many Nim programmers this is overkill — they're OK with some level
of unsafe behavior. I get it! I code in C++ in my day job. But part of why I'm
interested in Nim is that I'm sick of the amount of unreliability in my own
code, in my co-workers' code, in the library code I depend on, and in the damn
OSs that I use. I want a language that can give me more reliability, without
sacrificing [much] performance or expressivity. That mostly means Nim or Rust
(as for Go, I've been there / done that.)
What I'd like to see is an ecosystem where people can continue to use unsafe or
auto-wrapped APIs if they're willing to live with the risks, and other people
(or the same people in other projects) can turn on safety checks and use safe
libraries (which may be wrappers around the unsafe ones.)
