On Sun, 2015-08-02 at 21:23 +0200, Christian Grothoff wrote: > > Rust has a very good FFI to C code, but writing safe wrappers around > > unsafe C code can incur overhead. In particular, Rust folk had issues > > with libuv, yet another take on libevent. And GNUNet utils appears > > quite unsafe by Rust standards, even before worrying about leaked > > sockets. > > Care to elaborate about 'unsafe'?
I interpret "exposes a safe API" as "cannot create memory problems for Rust programs". I suppose this requires that lifetimes and mutability specified by the API is honest and Rust should never simultaneously have both a mutable reference and multiple references to a particular piece of data. In fact, a library should probably be thread-safe for its API to really be considered "safe" in Rust. In practice, there are bindings for non-thread-safe libraries that simply warn users not to use more than one thread. > I don't really see a semantic difference between gj/kj/promises and what > we do in GNUnet. Yes, these are doing the same thing, even down to having a unique callback they call only once, well Rust's FnOnce closures can only be called once. Yet, notation always has a big impact on the people trying to understand it. It much easier to see an FnOnce closure vs searching the code repeatedly to verify that every call site assigns the pointer to NULL. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
