Fil-C is memory-safe down to the libpizlo POSIXish syscall layer, and then even those syscalls do memory safety checks (so you can't read(2) into an OOB area of a buffer, for example).
So, some safe code is built on a crapton of unsafe code, while other safe code is built on a tightly controlled TCB. There's a big spectrum there.
You’re describing exactly what I am describing: you still call out into a syscall that is not safe. You prevent that by checking things in the wrapper. Very standard.
You’re disingenuously conflating calling into a pile of userland unsafe code that does crypto using arrays and ptr math, which also does unsafe syscalls, with making all that memory safe except the syscall.
They’re not the same thing.
If they were the same thing then there would be no point to memory safety at all.
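The "check in the wrapper" idea discussed above, as an added example that is not part of the thread and is not Fil-C or libpizlo code: a wrapper validates the requested range against the buffer's bounds before the raw `read(2)` is issued. The names `bounded_ptr`, `checked_read` and `demo` are hypothetical, and the pipe contents are constructed sample input.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical fat pointer: carries the bounds of the allocation it points into. */
typedef struct {
    char  *base;   /* start of the allocation */
    size_t size;   /* allocation size in bytes */
    size_t off;    /* current offset from base */
} bounded_ptr;

/* Validate [off, off+count) against the allocation, then issue the raw
 * syscall. The comparison is arranged so off + count cannot overflow. */
ssize_t checked_read(int fd, bounded_ptr p, size_t count)
{
    if (p.base == NULL || p.off > p.size || count > p.size - p.off) {
        errno = EFAULT;   /* refused before the kernel ever sees the pointer */
        return -1;
    }
    return read(fd, p.base + p.off, count);
}

/* Constructed demo: an 8-byte buffer next to a canary, fed from a pipe.
 * Returns 1 when both out-of-bounds reads are refused and the canary survives. */
int demo(void)
{
    struct { char buf[8]; char canary[8]; } s;
    int fds[2];
    memset(&s, 0, sizeof s);
    memcpy(s.canary, "CANARY!", 8);
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], "0123456789abcdef", 16) != 16) return -1;

    bounded_ptr p = { s.buf, sizeof s.buf, 0 };
    ssize_t over = checked_read(fds[0], p, 16);   /* rejected: 16 > 8 */
    ssize_t ok   = checked_read(fds[0], p, 8);    /* in bounds */
    p.off = 4;
    ssize_t tail = checked_read(fds[0], p, 8);    /* rejected: 4 + 8 > 8 */
    close(fds[0]); close(fds[1]);
    return over == -1 && ok == 8 && tail == -1 &&
           memcmp(s.canary, "CANARY!", 8) == 0;
}

int main(void) { printf("bounds enforced: %d\n", demo()); return 0; }
```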
It really depends!