A safe API wrapper interface

[rbermani]

Has there been any consideration as to wrapping the unsafe bits of the user facing API into a safe abstraction?

[ids1024]

As long as it takes a RawWindowHandle it has to be unsafe. The exact implications dependent on platform, but that contains pointers on some platforms for instance, so it can trivially cause use-after-free if the RawWindowHandle isn't valid anymore, etc.

@notgull Was working on a safe wrapper to raw-window-handle recently: https://github.com/notgull/window-handle

If that approach can reliably work and be safe, it would be good to see it integrated into winit, softbuffer, glutin, wgpu, or anything else using raw-window-handle.

[rbermani]

Thanks. I'll keep an eye on @notgull's project. I have been using the rust pixels crate in lieu of softbuffer for an application that doesn't actually require GPU acceleration. It appears to be hiding the RawWindowHandle inside the implementation.

[Jules-Bertholet]

raw-window-handle 0.5.2 now has a safe API based on notgull's work, maybe this issue could be revisited?

[notgull]

raw-window-handle 0.5.2 now has a safe API based on notgull's work, maybe this issue could be revisited?

I've opened a PR (#132) in anticipation of the new raw-window-handle breaking changes in the upcoming v0.6 (rust-windowing/raw-window-handle#125).

I'd like to file equivalent draft PRs for glutin and wgpu before I release rwh v0.6. There's also this issue which needs to be resolved as well.