[does this fit better on internals.rust-lang.org?]
When should we mark our functions unsafe? What’s the rule of a thumb about what’s safe? What’s the official recommendation on exposing
unsafe functions from a crate? Is this discouraged at all?
I see one usecase in which unsafe exported functions make sense: interfacing with
ptrace. Some of its routines, such as
PTRACE_POKEDATA are unsafe by design (in my meaning of unsafe). They can very easily crash the traced process, for example by writing (or reading in
PTRACE_PEEKDATA) to a disallowed location. OTOH, that’s basically what they are for - for writing arbitrary data in an arbitrary location, so there’s basically no way to make them unconditionally safe.