Having a universal definition of safety in the language is very helpful, because there are no gotchas hidden in the documentation, no disclaimers about unsupported edge cases.
Otherwise when definition of safety is left up to each individual author of each library, then it depends on case-by-case basis. When a function dereferences a NULL pointer, it’s arguable whose responsibility it was to check the pointer. Or some functions may cause UB if you pass them 4GB-long strings, and that won’t be fixed, because that’s a silly edge case. Or thread-safety of functions may be unclear and depend on a number of factors.
In Rust there are no ifs and buts. This forces libraries to have more foolproof APIs, and helps with code reviews.
Having a universal definition of safety in the language is very helpful, because there are no gotchas hidden in the documentation, no disclaimers about unsupported edge cases.
Otherwise when definition of safety is left up to each individual author of each library, then it depends on case-by-case basis. When a function dereferences a
NULLpointer, it’s arguable whose responsibility it was to check the pointer. Or some functions may cause UB if you pass them 4GB-long strings, and that won’t be fixed, because that’s a silly edge case. Or thread-safety of functions may be unclear and depend on a number of factors.In Rust there are no ifs and buts. This forces libraries to have more foolproof APIs, and helps with code reviews.