edef1c / libfringe

a Rust library implementing safe, lightweight context switches, without relying on kernel services
https://edef1c.github.io/libfringe
Apache License 2.0
512 stars 31 forks

Explicitly state the contracts of Stack and GuardedStack #41

Closed whitequark closed 8 years ago

whitequark commented 8 years ago

Fixes #39. Fixes #40. cc @Amanieu

Amanieu commented 8 years ago

As I mentioned in #39, Stack should be changed to an unsafe trait since an implementation that fails to uphold the contract could lead to memory unsafety.

The alternative is to have only GuardedStack uphold a contract. Callers of Generator::unsafe_new will then have to ensure themselves that the Stack they pass in correctly upholds the stack requirements.

whitequark commented 8 years ago

> As I mentioned in #39, Stack should be changed to an unsafe trait since an implementation that fails to uphold the contract could lead to memory unsafety.

I don't see how this is true. You cannot use a Stack implementation without unsafe code.

Amanieu commented 8 years ago

> I don't see how this is true. You cannot use a Stack implementation without unsafe code.

Fair enough, my point is that you should add a note in the documentation of unsafe_new saying that the caller is responsible for ensuring that the Stack he is providing properly upholds its contract.

whitequark commented 8 years ago

@Amanieu addressed

edef1c commented 8 years ago

Landed :heart:
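The trade-off discussed in this thread, as an added sketch that is not libfringe's code or any participant's: a safe `Stack` trait can be implemented incorrectly without writing `unsafe`, so the burden falls on whoever calls the unsafe constructor. The names `Stack`, `Generator` and `unsafe_new` come from the thread; the method bodies, `OwnedStack`, `BogusStack`, `contract_violation` and the contract details (16-byte alignment, base above limit) are assumptions made for illustration.

```rust
// Added sketch, not libfringe's code: names follow the thread, bodies and
// the contract details (16-byte alignment, base above limit) are assumptions.
pub trait Stack {
    fn base(&self) -> *mut u8; // highest address of the stack
    fn limit(&self) -> *mut u8; // lowest address of the stack
}

#[repr(align(16))]
#[derive(Clone, Copy)]
struct Chunk([u8; 16]);
/// Owns its memory, so it upholds the contract by construction.
pub struct OwnedStack(Box<[Chunk]>);
impl OwnedStack {
    pub fn new(chunks: usize) -> Self {
        OwnedStack(vec![Chunk([0; 16]); chunks.max(1)].into_boxed_slice())
    }
}
impl Stack for OwnedStack {
    fn base(&self) -> *mut u8 { self.0.as_ptr_range().end as *mut u8 }
    fn limit(&self) -> *mut u8 { self.0.as_ptr() as *mut u8 }
}

/// Compiles without `unsafe`, yet breaks the contract: a safe trait cannot stop this.
pub struct BogusStack;
impl Stack for BogusStack {
    fn base(&self) -> *mut u8 { 8 as *mut u8 }
    fn limit(&self) -> *mut u8 { 4096 as *mut u8 }
}

/// Checks only the observable part of the contract; that the memory is
/// valid and unaliased remains a promise made by the caller.
pub fn contract_violation<S: Stack>(s: &S) -> Option<&'static str> {
    let (base, limit) = (s.base() as usize, s.limit() as usize);
    if base <= limit { return Some("base must be above limit"); }
    if base % 16 != 0 || limit % 16 != 0 { return Some("misaligned"); }
    None
}

pub struct Generator<S: Stack> { stack: S }
impl<S: Stack> Generator<S> {
    /// # Safety
    /// The caller must ensure `stack` upholds the `Stack` contract.
    pub unsafe fn unsafe_new(stack: S) -> Self { Generator { stack } }
    pub fn stack_size(&self) -> usize { self.stack.base() as usize - self.stack.limit() as usize }
}

fn main() {
    println!("{:?}", contract_violation(&BogusStack));
}
```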