On 05/25/2012 03:00 AM, Bennie Kloosteman wrote:
On Thu, May 24, 2012 at 9:16 PM, David Rajchenbach-Teller
<dtel...@mozilla.com> wrote:
On 5/24/12 12:40 PM, Bennie Kloosteman wrote:
* The system _must_ not prevent developers from calling C code from Rust.
* The system _must_ not prevent developers from passing a pointer to a
Rust function to C code that will call back to it.
* The system _must_ not prevent, some day, developers from calling Rust
from JavaScript.
* The system _must_ not prevent, some day, developers from calling
JavaScript from Rust.
These should be unsafe - I believe this is the case with rust.
I am not sure if you mean this in relation with all four points or with
the last one. So, indeed, I see no reason to change the fact that calls
to C are considered unsafe.
For calls to JavaScript, I have not given it much thought. I suppose
that they could be either unsafe or somehow managed.
externals calls either must work 100% ( including type conversions) or
be marked unsafe... if it breaks type or memory safety you need to say
that.
Speaking of which we can handle C errors in calls but what about C++
exceptions ? Does any C++ code we hook need exception wrappers ?
Also any error system rust should work when called from C ( unlike
C++ exceptions) .
The current situation is that C++ code must not throw into Rust code or
the runtime will abort and Rust code that has been called from native
code must not fail or the runtime will abort. We can probably come up
with some way to handle both these.
-Brian
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
