[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Why old-school C?

From: Jeff Burdges
Subject: Re: [GNUnet-developers] Why old-school C?
Date: Tue, 04 Aug 2015 10:27:05 +0200

On Sun, 2015-08-02 at 21:23 +0200, Christian Grothoff wrote:
> > Rust has a very good FFI to C code, but writing safe wrappers around
> > unsafe C code can incur overhead.  In particular, Rust folk had issues
> > with libuv, yet another take on libevent.  And GNUNet utils appears
> > quite unsafe by Rust standards, even before worrying about leaked
> > sockets.
> Care to elaborate about 'unsafe'?

I interpret "exposes a safe API" as "cannot create memory problems for
Rust programs".  I suppose this requires that lifetimes and mutability
specified by the API is honest and Rust should never simultaneously
have both a mutable reference and multiple references to a particular
piece of data. 

In fact, a library should probably be thread-safe for its API to really be
considered "safe" in Rust.  In practice, there are bindings for
non-thread-safe libraries that simply warn users not to use more than
one thread. 

> I don't really see a semantic difference between gj/kj/promises and what
> we do in GNUnet. 

Yes, these are doing the same thing, even down to having a unique
callback they call only once, well Rust's FnOnce closures can only be
called once.  

Yet, notation always has a big impact on the people trying to understand
it.  It much easier to see an FnOnce closure vs searching the code
repeatedly to verify that every call site assigns the pointer to NULL. 


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]