Oh by the way — > The unsafe constructs are cast and addr and unsafeAddr. Easy enough for code > reviews, no big difference to Rust.
That's not actually true. Neither addr nor unsafeAddr can cause a crash or UB. What's unsafe is _dereferencing_ the pointers they produce. (I was going to say this was true of cast, but cast sort of performs the deref itself.) In Rust, creating raw pointers or passing them around is not considered unsafe. _Programming Rust_ , p. 528: "Safe code can pass raw pointers around, compare them, and create them by conversion from references (or even from integers), but only unsafe code can actually use them to access memory." (Or you can read the [Unsafe Rust](https://doc.rust-lang.org/stable/book/ch19-01-unsafe-rust.html) section of the official Rust book, whose wording is slightly different.) This makes actual unsafety slightly harder to find in Nim, since the deref can be implicit. A proc can take a `ptr` parameter, or access a `ptr` field of an object, and still be safe ... as long as it doesn't dereference the pointer.