Re: [PATCH v8 3/5] rust: add bitmap API.

From: Burak Emir
Date: Mon May 19 2025 - 17:51:06 EST


On Mon, May 19, 2025 at 11:42 PM Miguel Ojeda
<miguel.ojeda.sandonis@xxxxxxxxx> wrote:
>
> On Mon, May 19, 2025 at 10:08 PM Burak Emir <bqe@xxxxxxxxxx> wrote:
> >
> > The "unsafe" here should serve as a reminder to argue why it is ok to
> > not have any ordering guarantees.
>
> `unsafe` should be used for unsafe functions, not as a general
> "danger" or "advanced" marker.
>
> (Having such a marker could be useful, but `unsafe fn` is not it)
>

I can see the appeal of having a strict definition "safe = no UB".

> > The last sentence is supposed to say: when you have a &mut bitmap, you
> > can reborrow it as &bitmap, and then happily call this atomic op.
> > Even though it is unnecessary.
>
> I don't think that is related to safety preconditions. A "# Safety"
> section is intended to explain what the preconditions are.
>
> So, for instance, stating "The caller must ensure that this is safe"
> does not add much.

I see what you are saying. Not being sensitive to order is a
precondition to a property.
There are many different kinds of (colloquial) safety, e.g. crash
safety or data integrity.

Sticking to a technical definition of safety has the advantage that
one can be consistent.
So I'll remove the unsafe marker then.

Thanks,
- Burak
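
An added example, not code from the patch series or from either participant: a userspace Rust sketch of the outcome of this exchange, where the atomic operation stays a safe `fn` and the missing ordering guarantee is documented as a caveat rather than under `# Safety`. `Bitmap`, `set_bit`, `set_bit_atomic`, `test_bit` and `set_both` are hypothetical names, and `Relaxed` is an assumption standing in for "no ordering guarantees".

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::thread;

const BITS: usize = usize::BITS as usize;

/// Hypothetical userspace stand-in, not the kernel's bitmap type.
pub struct Bitmap {
    words: Vec<AtomicUsize>,
}

impl Bitmap {
    pub fn new(nbits: usize) -> Self {
        let nwords = (nbits + BITS - 1) / BITS;
        Bitmap { words: (0..nwords).map(|_| AtomicUsize::new(0)).collect() }
    }
    /// Non-atomic set: `&mut self` proves exclusive access, so a plain
    /// read-modify-write is enough.
    pub fn set_bit(&mut self, i: usize) {
        *self.words[i / BITS].get_mut() |= 1usize << (i % BITS);
    }
    /// Atomic set through a shared reference. This is a safe fn: no input
    /// can cause UB (an out-of-range index panics).
    ///
    /// Caveat, not a safety precondition: `Relaxed` (assumed here) gives no
    /// ordering with respect to other memory accesses.
    pub fn set_bit_atomic(&self, i: usize) {
        self.words[i / BITS].fetch_or(1usize << (i % BITS), Ordering::Relaxed);
    }
    pub fn test_bit(&self, i: usize) -> bool {
        self.words[i / BITS].load(Ordering::Relaxed) & (1usize << (i % BITS)) != 0
    }
}

/// The caller holds `&mut`, reborrows it as `&` and calls the atomic op.
/// That is allowed and sound; the atomic is simply unnecessary here.
pub fn set_both(bm: &mut Bitmap) {
    bm.set_bit(100);
    let shared: &Bitmap = &*bm;
    shared.set_bit_atomic(101);
}

/// Sets bits from four threads through `&Bitmap`, then via `&mut Bitmap`.
pub fn demo() -> Vec<usize> {
    let mut bm = Bitmap::new(128);
    thread::scope(|s| {
        for t in 0..4 { let bm = &bm; s.spawn(move || bm.set_bit_atomic(t * 17)); }
    });
    set_both(&mut bm);
    (0..128).filter(|&i| bm.test_bit(i)).collect()
}

fn main() { println!("{:?}", demo()); }
```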