latchset / kryoptic

a pkcs#11 software token written in Rust
GNU General Public License v3.0

Improve safety of interfaces #88

Closed simo5 closed 1 month ago

simo5 commented 1 month ago

Now that the code is more mature we can address two long-standing safety issues.

1) The pervasive use of blind casting using the 'as' construct (#77), which is unwise in this code base that crosses the FFI boundary in so many places. In fact, a bug was found thanks to bounds checks using TryFrom (see the relevant commit).

2) The use of raw pointers in the inner "operation" interfaces, which forced the use of even more unsafe code in the internal functions than was really needed. Again, various potential issues were addressed implicitly here (no explicit test failures).

Fixes #77
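The two points above in working Rust, as an added example written for this page and not taken from kryoptic's code base. The type aliases, return codes and the `C_ExampleXor` entry point are constructed to mirror the shape of a PKCS#11 C interface; the inner `inner_xor` operation is a stand-in for a real token operation. It contrasts a blind `as` cast with a `TryFrom` conversion on a `CK_ULONG` length, and confines all raw-pointer handling to the C-ABI edge so the inner function works on safe slices only.

```rust
use std::convert::TryFrom;
use std::slice;

// Constructed PKCS#11-style aliases and return codes for this example. They follow
// the C header's shape (CK_ULONG is `unsigned long`, 64 bits on LP64) but are not
// kryoptic's own definitions.
#[allow(non_camel_case_types)]
pub type CK_ULONG = u64;
#[allow(non_camel_case_types)]
pub type CK_BYTE = u8;
#[allow(non_camel_case_types)]
pub type CK_RV = CK_ULONG;
pub const CKR_OK: CK_RV = 0x0000;
pub const CKR_ARGUMENTS_BAD: CK_RV = 0x0007;
pub const CKR_BUFFER_TOO_SMALL: CK_RV = 0x0150;

/// Blind cast: a length above u32::MAX silently wraps, so a caller-supplied buffer
/// size can be misread as a much smaller (or larger) value.
pub fn lossy_len(len: CK_ULONG) -> u32 {
    len as u32
}

/// Bounds-checked conversion: the same out-of-range input is rejected, not truncated.
pub fn checked_len(len: CK_ULONG) -> Result<u32, CK_RV> {
    u32::try_from(len).map_err(|_| CKR_ARGUMENTS_BAD)
}

/// Hypothetical inner operation (XOR with a repeating key). It only sees safe
/// slices, so it needs no `unsafe` and cannot index outside the buffers it is given.
pub fn inner_xor(key: &[u8], input: &[u8], out: &mut [u8]) -> Result<usize, CK_RV> {
    if key.is_empty() {
        return Err(CKR_ARGUMENTS_BAD);
    }
    if out.len() < input.len() {
        return Err(CKR_BUFFER_TOO_SMALL);
    }
    for (i, (o, b)) in out.iter_mut().zip(input).enumerate() {
        *o = b ^ key[i % key.len()];
    }
    Ok(input.len())
}

/// Hypothetical C-ABI entry point: the only place that touches raw pointers. It
/// null-checks every pointer and converts every CK_ULONG with TryFrom before
/// building slices, so a bad length becomes an error code instead of a bad slice.
///
/// # Safety
/// Each non-null pointer must be valid for the number of bytes given by its length
/// argument for the duration of the call, as PKCS#11 requires of callers.
#[allow(non_snake_case)]
pub unsafe extern "C" fn C_ExampleXor(
    pKey: *const CK_BYTE, ulKeyLen: CK_ULONG,
    pData: *const CK_BYTE, ulDataLen: CK_ULONG,
    pOut: *mut CK_BYTE, pulOutLen: *mut CK_ULONG,
) -> CK_RV {
    if pKey.is_null() || pData.is_null() || pOut.is_null() || pulOutLen.is_null() {
        return CKR_ARGUMENTS_BAD;
    }
    let (Ok(key_len), Ok(data_len), Ok(out_len)) = (
        usize::try_from(ulKeyLen),
        usize::try_from(ulDataLen),
        usize::try_from(*pulOutLen),
    ) else {
        return CKR_ARGUMENTS_BAD;
    };
    // Slices are built once, here; everything below the FFI edge is safe code.
    let key = slice::from_raw_parts(pKey, key_len);
    let data = slice::from_raw_parts(pData, data_len);
    let out = slice::from_raw_parts_mut(pOut, out_len);
    match inner_xor(key, data, out) {
        Ok(n) => match CK_ULONG::try_from(n) {
            Ok(n) => {
                *pulOutLen = n;
                CKR_OK
            }
            Err(_) => CKR_ARGUMENTS_BAD,
        },
        Err(rv) => rv,
    }
}

fn main() {
    let big: CK_ULONG = (1 << 32) | 5;
    println!("as-cast: {}  TryFrom: {:?}", lossy_len(big), checked_len(big));
}
```

The `as` cast turns `0x1_0000_0005` into `5`, which is exactly the kind of silent truncation a `TryFrom` conversion surfaces as `CKR_ARGUMENTS_BAD`. The real PKCS#11 length-query convention (a null output pointer asking for the required size) is left out to keep the edge logic short.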