
> The unsafe in `unsafe mod ffi { ... }` is literally the proof that all APIs exposed in the block are sound to call from safe Rust.

I think there might be a misunderstanding here. I interpreted the `unsafe mod ffi { ... }` to be like `unsafe fn foo()`, declaring the module as unsafe, not an unsafe block where we're telling the compiler we will maintain the invariants ourselves.

It is somewhat unfortunate both the proof obligation and proof 'declaration' use the same token.



> It is somewhat unfortunate both the proof obligation and proof 'declaration' use the same token.

There have been some RFCs open to improve this situation (e.g. unsafe blocks in unsafe functions comes to mind).
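The two roles of the `unsafe` token discussed in this thread, shown side by side in an added example that is not part of either comment: `unsafe fn` states an obligation for callers, while an `unsafe { ... }` block is the author's claim that the obligation is met. All function names are hypothetical, and the `unsafe_op_in_unsafe_fn` lint is used to keep the two roles separate inside the `unsafe fn` body.

```rust
// Added illustration; all names here are hypothetical.

/// Obligation: `unsafe fn` declares a contract that every CALLER must uphold.
///
/// # Safety
/// `ptr` must point to at least `len` initialized, readable bytes.
#[deny(unsafe_op_in_unsafe_fn)]
unsafe fn sum_raw(ptr: *const u8, len: usize) -> u32 {
    let mut total = 0u32;
    for i in 0..len {
        // With the lint denied, the body of an `unsafe fn` is not treated as
        // one big unsafe block, so each unsafe operation is marked explicitly.
        // SAFETY: the caller guarantees `len` readable bytes, and i < len.
        total += u32::from(unsafe { *ptr.add(i) });
    }
    total
}

/// Discharge: the `unsafe { ... }` block is where the author asserts that
/// the contract of `sum_raw` holds, so this wrapper is safe for any input.
fn sum_bytes(data: &[u8]) -> u32 {
    // SAFETY: a slice's pointer is valid for `data.len()` initialized bytes.
    unsafe { sum_raw(data.as_ptr(), data.len()) }
}

/// A safe signature is a promise that no argument can trigger undefined
/// behaviour, so the bounds check must happen before the unsafe read.
fn read_at(data: &[u8], idx: usize) -> Option<u8> {
    if idx < data.len() {
        // SAFETY: `idx` was checked against `data.len()` just above.
        Some(unsafe { *data.as_ptr().add(idx) })
    } else {
        None
    }
}

fn main() {
    let buf = [1u8, 2, 3, 250]; // constructed sample input
    println!("sum = {}", sum_bytes(&buf));
    println!("out of range = {:?}", read_at(&buf, 9));
}
```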



