Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Mark the highlevel functions as unsafe. (WebAssembly#24)
Following @RalfJung's comment here: bytecodealliance/wasi-rs#8 (comment) as long as the functions are still taking integer file descriptor arguments, we should mark the APIs here `unsafe`. This is particularly interesting in the context of WASI, as it aligns with the OCap security model -- Rust's `std::fs::File` is an unforgeable handle in safe Rust. So while there are still integer file descriptors at the wasm level for now, programs compiled from safe Rust still have fine-grained isolation (with the caveat that until reference types are possible, this property isn't encoded in wasm in a verifiable way).
- Loading branch information