It's too bad there aren't more Corrode examples on line. But from what's available, it just passes C raw pointers through function calls as unsafe Rust raw pointers. The interfaces generated are no better than they were in C. You can't rewrite one side or the other and get safety, because the interface itself is unsafe. That's no good.
This isn't a syntax problem. It's a semantic problem.
The interface is FFI, it has to be unsafe, because you can't guarantee anything about the C code.
The rust code though, can be converted to pure Rust. A strategy I use and most other FFI code I've seen, is to have a shim layer, which is unsafe, that calls through to safe code. And vise versa for calling out to C. The function definitions don't need to be unsafe, just the direct calls to C and conversions to C types.
> This isn't a syntax problem. It's a semantic problem.
I never said it was.
You can still make trivial semantic transformations on code by hand or by using a tool (corrode could do it itself, too) and make it safe. As bluejekyll said it's a bit tricky since you can't guarantee anything about the calls until you port those too.
The point is for it to be a first step in conversion, with large swathes of code being easy to make safe.
The issue with idioms is a real one.
But still, it gives you a good path for incremental conversion which IMO is pretty valuable.