Hacker News

moyix, yesterday at 9:16 PM

This is true for a lot of things but for low-level code you can always fall back to "the intention is to not violate memory safety".


Replies

staticassertion, yesterday at 9:20 PM

That's true, but certainly that's limiting. Still, even then, `# SAFETY:` comments seem extremely helpful. "For every `unsafe`, determine its implied or stated safety contract, then build a suite of adversarial tests to verify or break those contracts" feels like a great way to get going.

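An added example, not part of the thread or any commenter's code: the workflow suggested in the comment above, applied to a single Rust `unsafe` block. The function `read_u32_le` and the helpers around it are hypothetical names; the `// SAFETY:` comment states the contract, and each constructed case in `adversarial_cases` tries to break it.

```rust
// Added illustration; all names here are hypothetical.

/// Reads a little-endian u32 at `offset`, or None if the read would leave `buf`.
pub fn read_u32_le(buf: &[u8], offset: usize) -> Option<u32> {
    // checked_add rejects offsets near usize::MAX that would wrap past the bounds check.
    let end = offset.checked_add(4)?;
    if end > buf.len() {
        return None;
    }
    // SAFETY: `offset + 4 <= buf.len()` was just established without overflow,
    // so the 4 bytes starting at `buf.as_ptr().add(offset)` lie inside `buf`;
    // `read_unaligned` places no alignment requirement on the pointer.
    let raw = unsafe { (buf.as_ptr().add(offset) as *const u32).read_unaligned() };
    Some(u32::from_le(raw))
}

/// Constructed adversarial inputs aimed at the contract in the SAFETY comment.
/// Each entry is (buffer length, offset, whether the read must succeed).
pub fn adversarial_cases() -> Vec<(usize, usize, bool)> {
    vec![
        (0, 0, false),              // empty buffer
        (3, 0, false),              // shorter than one u32
        (4, 0, true),               // exact fit
        (4, 1, false),              // last byte would be out of bounds
        (8, 4, true),               // final valid offset
        (8, 5, false),              // one past the final valid offset
        (8, usize::MAX, false),     // offset + 4 wraps around
        (8, usize::MAX - 3, false), // offset + 4 wraps to exactly 0
    ]
}

/// Runs every case and returns the (length, offset) pairs whose outcome
/// disagrees with the contract; an empty result means the contract held.
pub fn contract_violations() -> Vec<(usize, usize)> {
    adversarial_cases()
        .into_iter()
        .filter(|&(len, off, ok)| read_u32_le(&vec![0xABu8; len], off).is_some() != ok)
        .map(|(len, off, _)| (len, off))
        .collect()
}

fn main() {
    println!("violations: {:?}", contract_violations());
}
```

Running the same cases under Miri or AddressSanitizer would additionally catch a bounds check that returns a value but still reads out of range.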