-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate unsafe code conditionally with feature #1
Comments
Unfortunately, this is not possible when also providing the borrowed form of the type. Converting a string slice into the borrowed type requires the use of unsafe. I discuss this further in a comment regarding the unsafe requirement over in a Reddit thread. In particular, this crate is about making sure that the unsafe code required is implemented precisely and correctly every time. I'll also note that each use of One potential workaround that I didn't mention in that Reddit thread would require exposing hidden "safe" functions from this crate that aren't really safe, and I don't want to put out a public API that (particularly in a hidden, undocumented API) lies to the consumer. If you have a crate that absolutely must forbid unsafe rather than just deny it, then I would recommend segregating the braids into something like a A final, and much more restrictive option, would be to have a means of generating only the owned wrappers. That could be reasonable, but it does mean that you can't just borrow a refrence out of an existing buffer, you'd always need to operate with the owned value (or references to that owned value) in order to carry the type's invariants along. Perhaps that's desirable. What are your thoughts on this? |
I'd say that for crates that absolutely must avoid unsafe code, an inability to generate borrowed wrappers is a fair tradeoff. I will note that it's not entirely clear to me from reading the README what the purpose of the borrowed wrappers are. To me I've looked at all the uses of unsafe code and while I do think I understand what they're doing and why, I still think making it optional would be a good idea. |
The difference between There's a second reason that most idiomatic Rust APIs that don't need ownership of the value take More context about the relative costs here can be found on this StackOverflow answer. I'll look at adding this request as a parameter to the crate. At that point, it basically will include the |
Oh, that makes a lot of sense. Thanks for explaining it. |
Only generated unsafe code when a feature (named "unsafe" or something) is enabled. It would be fine for this feature to be on by default, but would allow use in projects that forbid unsafe code.
The text was updated successfully, but these errors were encountered: