The problem at hand is to come up with a definition of legal unsafe code for Rust, in the context of the Rust memory model. A (probably incomplete) list of goals is:

- Be simple enough, and close enough to common practice, that most idiomatic C code which programmers would expect to maintain the Rust memory invariants is legal.
- Support common program optimizations of safe code, by compilers, hardware, or software developers.
- Not allow for undefined behaviour.

The Tootsie Pop model is a simple model of unsafety, based on call boundaries into and out of unsafe code. The model has a temporal flavour,