trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

Add newtypes for UserId, GroupId and ProcessId #769

Open rnijveld opened 12 months ago

rnijveld commented 12 months ago

We currently use type aliases, but that doesn't really add any type safety. Group ids, process ids and user ids can freely be interchanged because their definitions in libc are the same. If we use newtype wrappers (i.e. struct UserId(libc::uid_t) instead of type UserId = libc::uid_t), we can actually make a few more assurances that they come from the right source. We should make construction of these newtypes very much explicit because of that (i.e. no From). That should prevent accidental conversion into one of the newtype definitions where it was not meant.
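The pattern described in this comment, written out as an added example (this is not sudo-rs code): a newtype per id kind, built only through an explicit `new` constructor, with no `From<raw>` impl, so a `gid_t` can never silently become a `UserId` and a function taking `(UserId, GroupId)` refuses swapped arguments at compile time. To build without the libc crate, the Linux definitions of `uid_t`, `gid_t` and `pid_t` are inlined as assumptions; `raw_ids_for_ffi` and `parse_user_spec` are hypothetical helper names showing the two boundaries where raw integers enter and leave the typed world.

```rust
// Stand-ins for `libc::uid_t`, `libc::gid_t` and `libc::pid_t`, inlined here
// so the example builds without the libc crate. Assumption: the Linux
// definitions (u32, u32, i32). Note that uid_t and gid_t are the *same* type,
// which is exactly why a bare alias gives no type safety.
#[allow(non_camel_case_types)]
pub type uid_t = u32;
#[allow(non_camel_case_types)]
pub type gid_t = u32;
#[allow(non_camel_case_types)]
pub type pid_t = i32;

/// Generates a newtype around a raw id. Deliberately no `From<raw>` impl and
/// no public field: the only way in is the explicit `new`, so every site that
/// turns an integer into an id names the kind of id it is building.
macro_rules! id_newtype {
    ($name:ident, $raw:ty, $doc:literal) => {
        #[doc = $doc]
        #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
        pub struct $name($raw);

        impl $name {
            /// Explicit constructor; the call site states the id kind.
            pub const fn new(raw: $raw) -> Self {
                $name(raw)
            }
            /// Unwrap to the raw integer, intended only for the FFI call that
            /// actually needs it.
            pub const fn inner(self) -> $raw {
                self.0
            }
        }

        impl std::fmt::Display for $name {
            fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
                write!(f, "{}", self.0)
            }
        }
    };
}

id_newtype!(UserId, uid_t, "A user id; wraps `uid_t`, built only via `UserId::new`.");
id_newtype!(GroupId, gid_t, "A group id; wraps `gid_t`, built only via `GroupId::new`.");
id_newtype!(ProcessId, pid_t, "A process id; wraps `pid_t`, built only via `ProcessId::new`.");

impl UserId {
    pub const ROOT: UserId = UserId::new(0);
    pub const fn is_root(self) -> bool {
        self.0 == 0
    }
}

impl GroupId {
    pub const ROOT: GroupId = GroupId::new(0);
}

/// Hypothetical boundary into the typed world: parses the sudoers-style
/// `#<uid>` spelling of a user. The only way out is `UserId::new`, so this is
/// the one place a string is allowed to become a user id.
pub fn parse_user_spec(spec: &str) -> Option<UserId> {
    let digits = spec.strip_prefix('#')?;
    let raw: uid_t = digits.parse().ok()?; // rejects "-1", empty, non-numeric
    Some(UserId::new(raw))
}

/// Hypothetical boundary out of the typed world: the raw pair a setresuid /
/// setresgid call would receive. Because the parameters have distinct types,
/// `raw_ids_for_ffi(gid, uid)` with the arguments swapped does not compile,
/// and neither does `uid == gid`, even though both wrap a u32.
pub fn raw_ids_for_ffi(uid: UserId, gid: GroupId) -> (uid_t, gid_t) {
    (uid.inner(), gid.inner())
}

fn main() {
    let target = parse_user_spec("#1000").expect("valid spec");
    let group = GroupId::new(1000);
    let child = ProcessId::new(4242);
    println!("switching to uid {target} gid {group} (root: {}), child pid {child}", target.is_root());
    println!("raw ids handed to the FFI call: {:?}", raw_ids_for_ffi(target, group));
}
```

With the aliases, `setgid(uid)` or swapping the two arguments of a credential change compiles silently and only shows up at runtime as the wrong privilege level; with the newtypes the confusion is a type error, and auditing the id boundaries reduces to grepping for the `::new` and `.inner()` call sites.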

pvdrz commented 12 months ago

I'm stealing this :trollface: