by pornel 614 days ago
Building safe abstractions around unsafe code works because it reduces the scope of the code that has to be reviewed for memory safety issues.

Instead of the whole codebase being suspect, and hunting for unsafety being like a million-line "Where's Waldo?", it reduces the problem to just verifying the `unsafe` blocks against safety of their public interface, "is this a Waldo?". This can still be tricky, but it has proven to be a more tractable problem.
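A concrete instance of the "is this a Waldo?" review, as an added example that is not part of the comment above: a fixed-capacity stack whose two `unsafe` blocks are sound only because the safe public methods keep one stated invariant. A reviewer checks those blocks against that invariant and the signatures, not the rest of the program. Assumes only the Rust standard library; the type and method names are this example's own.

```rust
use std::mem::MaybeUninit;

/// Fixed-capacity stack backed by uninitialized storage.
/// Invariant every `unsafe` block relies on: `len <= CAP` and
/// `buf[..len]` is initialized. Only code in this file can break it.
pub struct FixedStack<T, const CAP: usize> {
    buf: [MaybeUninit<T>; CAP],
    len: usize,
}

impl<T, const CAP: usize> FixedStack<T, CAP> {
    pub fn new() -> Self {
        Self { buf: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 }
    }

    pub fn len(&self) -> usize {
        self.len
    }

    /// Safe API: the capacity check here is what keeps `pop`/`as_slice` sound.
    pub fn push(&mut self, value: T) -> Result<(), T> {
        if self.len == CAP {
            return Err(value);
        }
        self.buf[self.len].write(value); // MaybeUninit::write is a safe call
        self.len += 1;
        Ok(())
    }

    pub fn pop(&mut self) -> Option<T> {
        if self.len == 0 {
            return None;
        }
        self.len -= 1;
        // SAFETY: by the invariant, slot `len` was initialized; decrementing
        // `len` first means no later call can read the moved-out value again.
        Some(unsafe { self.buf[self.len].assume_init_read() })
    }

    pub fn as_slice(&self) -> &[T] {
        // SAFETY: `MaybeUninit<T>` has the layout of `T` and exactly the first
        // `len` elements are initialized, so the view is valid for `len` items.
        unsafe { std::slice::from_raw_parts(self.buf.as_ptr() as *const T, self.len) }
    }
}

impl<T, const CAP: usize> Drop for FixedStack<T, CAP> {
    fn drop(&mut self) {
        // Drop only the initialized prefix, reusing the already-reviewed `pop`.
        while self.pop().is_some() {}
    }
}
```

The point for review is that a caller who never writes `unsafe` cannot violate the invariant, so the audit surface is these two blocks plus the methods that maintain `len`.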