[woodruffw]

> For scale: uv, a Rust project of broadly comparable size from the same general corner of the ecosystem, contains 73.

As a point of information: uv's use of `unsafe` largely involves interactions with OS APIs that don't have safe wrappers yet (in practice, this is mostly Win32 and similar APIs). It makes sense that Bun would have more `unsafe` than uv does, insofar as it needs to interact with JavaScriptCore's C API.

(This is without making a value judgement; only to observe that the magnitude of `unsafe` across projects doesn't necessarily communicate anything without knowing what the `unsafe` is for.)

[lunar_mycroft]

Bun has about twice the density of `unsafe` compared to deno, which does roughly the same job (wrap a c/c++ javascript engine to make a server side runtime written in rust). So not as massive a difference as the linked post's comparison, but still significantly more unsafe than we'd expect.

[kangalioo]

I haven't heard that number before and I'm actually impressed.

For a file-by-file close to literal translation of a memory-unsafe language to Rust, isn't that pretty good?

I was expecting the post-rewrite Bun's unsafe usages to be in the order of magnitude of C2Rust (https://c2rust.com/). I was _not_ expecting it to be in the same ballpark as hand-written Rust.

[lunar_mycroft]

I'm not sure I'd classify "double" as "the same ballpark", but either way C2Rust appears to just mark everything as `unsafe` (even when it's completely unnecessary), so I don't think that's a fair comparison. Further, I know for a fact that their are instances of the `unsafe` in the bun codebase right now that are just trivially incorrect in rust. A vaguely competent human programmer, even one doing a 1:1 translation (which is likely a bad idea anyway) would have caught those.

[zeroCalories]

I would trust a zig -> rust translation far less if it didn't make liberal use of unsafe, because that implies an order of magnitude more aggressive refactoring

[ryanshrott]

OS boundary unsafe is easy to audit because it's at the edges. The problem here is 10k unsafe blocks scattered through the core - that's a different thing entirely.