Today, some of the non-FFI Rust functions implemented in the core do not enforce proper safety guarantees through their parameter interfaces. This issue surfaced during the R-EFI 6.0 migration work, where some of the core_* functions and their implementations needed to be marked as unsafe because their current Rust API surfaces do not enforce the required safety contracts. As a result, unsafe semantics bleed from the FFI layer into Rust functions and their implementations. With proper safe interfaces in place, the core can be more effectively audited for safe/unsafe guarantees.
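The difference between the two API shapes described above, as an added example that is not code from the project: `Status`, `core_checksum_raw`, `core_checksum` and `checksum_ffi` are hypothetical names, and `extern "C"` stands in for the firmware calling convention so the block builds on a host toolchain.

```rust
// Added illustration; every name here is hypothetical, not the project's API.
type Status = usize;
const SUCCESS: Status = 0;
// UEFI error codes set the high bit; 2 is the "invalid parameter" code.
const INVALID_PARAMETER: Status = (1 << (usize::BITS - 1)) | 2;

/// Before: a non-FFI function that still takes raw pointers. The types cannot
/// express "valid for `len` bytes", so the function has to be `unsafe` and
/// every Rust caller inherits the pointer contract.
unsafe fn core_checksum_raw(buf: *const u8, len: usize, out: *mut u32) -> Status {
    if buf.is_null() || out.is_null() { return INVALID_PARAMETER; }
    let data = unsafe { core::slice::from_raw_parts(buf, len) };
    unsafe { *out = data.iter().fold(0u32, |a, &b| a.wrapping_add(b as u32)) };
    SUCCESS
}

/// After: the contract lives in the parameter types, so the body needs no
/// `unsafe` and safe callers cannot violate it.
fn core_checksum(data: &[u8]) -> u32 {
    data.iter().fold(0u32, |a, &b| a.wrapping_add(b as u32))
}

/// FFI shim: the single place where raw pointers are checked and converted.
/// # Safety
/// If non-null, `buf` must be valid for reads of `len` bytes and `out` must be
/// valid and aligned for one `u32` write.
unsafe extern "C" fn checksum_ffi(buf: *const u8, len: usize, out: *mut u32) -> Status {
    let Some(out) = (unsafe { out.as_mut() }) else { return INVALID_PARAMETER };
    if buf.is_null() || len > isize::MAX as usize { return INVALID_PARAMETER; }
    let data = unsafe { core::slice::from_raw_parts(buf, len) };
    *out = core_checksum(data); // safe call: a slice carries pointer and length
    SUCCESS
}

fn main() {
    let data = [1u8, 2, 3]; // constructed sample input
    let (mut a, mut b) = (0u32, 0u32);
    let s1 = unsafe { core_checksum_raw(data.as_ptr(), data.len(), &mut a) };
    let s2 = unsafe { checksum_ffi(data.as_ptr(), data.len(), &mut b) };
    println!("raw: status={s1} sum={a}; shim: status={s2} sum={b}");
    println!("safe core call: {}", core_checksum(&data));
}
```

With this split, an audit for `unsafe` only has to read the shim; the core function can be reviewed and unit-tested as ordinary safe Rust.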