{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifgawr57cdjabbjuyl2rub2lirnkhbdhb3ctqabjwjmepo7qemqry",
"uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mpj4p76u5m52"
},
"path": "/t/language-vision-regarding-safety-guarantees/24418#post_14",
"publishedAt": "2026-06-30T13:28:36.000Z",
"site": "https://internals.rust-lang.org",
"textContent": "I have more or less understood you. Is it equivalent to bug -- vulnerability, or incorrect -- unsound?\n\nIf so, I do think there is little necessity for a logic contract. First of all, Rust cares about memory safety the most, and **tries** to make logic correct with the type system. Secondly, even if we have a logic contract, we can't guarantee that a verified program is logically correct, but only guarantee that it works as we expected within the modelled logic contract.\n\nAnd for the safety contract, I still have my opinion:\n\nIf an unsafe operation requires a post-condition of an upstream crate:\n\n * If the **safety** \"ensures\" contract from the upstream crate covers such a requirement, you don't need to do anything.\n * If not (either no safety contract, or it does not cover the requirement), you must check it at runtime.\n\nThe above rules make it possible to fluently upgrade a dependency, and you don't need to review third-party code for contracts, or worry about how an unsafe downstream client uses your code (a library writer only needs to care about the correctness of the safety contract, and about breaking changes of safety contracts across major versions).",
"title": "Language vision regarding safety guarantees"
}