On Fri, Dec 17, 2021 at 6:01 AM Viresh Kumar <viresh.kumar@xxxxxxxxxx> wrote: > > Miguel, what's your take on stuff like this ? I am not sure if we should just > drop this check altogether. Given the C side documents that the pointer is valid (I think; since others are documented as "or NULL" etc., but it is a bit implicit), then avoiding the check is a possibility. However, to answer this, one needs to understand the risk profile of the project, the stability of the C API, the performance expectations (e.g. is the call supposed to be in the hot path of clients?), etc. When in doubt (or when there is no reason to not do the check), it is usually better to err on the safe side, specially if you aren't close to the maintainers of the API etc. But since you have access to Linus/Bartosz here, it is best to discuss this with them :) And, after all, you are already trusting the C side to some degree anyway, and it would be good to make sure both sides understand and clearly document the contracts of the functions so that no bindings break in the future (Rust or otherwise). Cheers, Miguel