[rust-dev] A generalization of unsafe blocks

Tommi rusty.gates at icloud.com
Tue Apr 15 20:43:44 PDT 2014

On 2014-04-16, at 4:39, Brandon Sanderson <singingboyo at gmail.com> wrote:
> In general, I'd be against allowing disabling of something like 'enforce!'.  The whole point of using such a macro would be to say "Never let this be false.  If it is, fail so that it can't cause bigger problems". Your 'bugprone' keyword removes the certainty this offers.
Yes, perhaps this potentially disappearing macro shouldn't be named 'enforce' but rather something like 'check_precondition'. The macro named 'enforce' would be guaranteed to stick around no matter what, and the macro named 'assert' would disappear in release builds.

> In general, I think safety enforced within a function should not be removable by callers of said function.  Basically, that makes coding those safety assurances useless.

I think the precondition checking should be removable by the caller of the function when the caller has already checked or otherwise knows that the precondition is satisfied. It would be silly to check the precondition twice. Coding those bug-safety checks isn't useless, because anyone who writes a straight-forward call to my function gets that safety. The programmer needs to explicitly think and make his code uglier to remove those bug-safety checks.

> If you want the checks to be removable, use assert.
If I use 'assert' to verify input, I loose all bug-safety in release mode without any guarantee that the caller of the function has passed in arguments that satisfy the preconditions.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140416/6da353e7/attachment.html>

More information about the Rust-dev mailing list