x be some C library that cannot safely be called from multiple threads (due to globals and/or use of functions like
- Suppose I make unopinionated x-src crates to link the library and directly expose the C API.
- I also make an x wrapper crate with a more opinionated API. This crate hides the functionality behind a static mutex to make it safe.
- Now suppose somebody else has different opinions and makes a crate called ecks which independently wraps x-sys. Under the hood, this crate uses its own method of synchronizing calls to the API to be safe.
- Somebody inadvertently depends on both ecks, and it ends up getting used by two threads simultaneously. Oops.
This makes it seem wrong for the x wrapper crate to label its API as safe, because I cannot prove that a crate like ecks does not exist. It seems that I am doomed to have to label virtually all code that uses x as unsafe, all the way up to an unsafe block somewhere in
How is this solved? Perhaps x-sys should provide its own “official” API for synchronization to allow x to coordinate with other unknown wrapper crates?
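
A single-threaded model of the scenario in this post, added here as an example and not code from the poster or from any real crate: two wrappers with private locks can both be inside the library at once, while one lock exported from the sys layer excludes the second caller. All names are hypothetical, and a nested call stands in for a second thread entering mid-call so the result is deterministic.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Mutex;

// Stand-in for x-sys (constructed): counts callers currently inside the "C library".
static IN_FLIGHT: AtomicUsize = AtomicUsize::new(0);
// The "official" lock the post proposes x-sys could export (hypothetical).
static SYS_LOCK: Mutex<()> = Mutex::new(());
// Private locks, one per wrapper crate, as in the scenario above.
static X_LOCK: Mutex<()> = Mutex::new(());
static ECKS_LOCK: Mutex<()> = Mutex::new(());

/// Models one call into the library: runs `body` while counted as in-flight
/// and returns the highest number of simultaneous callers observed.
fn raw_call(body: impl FnOnce() -> usize) -> usize {
    let now = IN_FLIGHT.fetch_add(1, Ordering::SeqCst) + 1;
    let inner = body();
    IN_FLIGHT.fetch_sub(1, Ordering::SeqCst);
    now.max(inner)
}

/// A wrapper's "safe" entry point: take `lock`, then call the library.
/// Returns None when the lock is already held by another caller.
fn guarded(lock: &Mutex<()>, body: impl FnOnce() -> usize) -> Option<usize> {
    let _guard = lock.try_lock().ok()?;
    Some(raw_call(body))
}

/// Highest number of simultaneous library callers when the ecks wrapper
/// tries to enter while the x wrapper is in the middle of a call.
fn overlap(x_lock: &Mutex<()>, ecks_lock: &Mutex<()>) -> usize {
    guarded(x_lock, || guarded(ecks_lock, || 0).unwrap_or(0)).unwrap()
}

fn main() {
    // Private locks do not exclude each other: two callers are inside at once.
    println!("private locks: {}", overlap(&X_LOCK, &ECKS_LOCK));
    // One lock shared through the sys layer: the second caller is turned away.
    println!("shared lock:   {}", overlap(&SYS_LOCK, &SYS_LOCK));
}
```

A real wrapper would block on `lock()` instead of giving up; `try_lock()` is used only so the model can report the conflict without deadlocking on one thread.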