Rust likes to create static programs, by default all the crates (libraries) your program uses are statically linked so it knows exactly what the crates are doing.jahboater wrote: ↑Tue Aug 06, 2019 6:16 pmYes, I can see that.Heater wrote: ↑Tue Aug 06, 2019 5:58 pmWell, if your language does not allow you to read via an uninitialized pointer, if it does not allow the creation of null pointers, if it does not allow you to point at the wrong thing, if it does not allow you to share pointers for write operations, then there is no need for pointer checking at run time. You cannot create a rogue pointer in the first place.
But what about a function in a separate TU, a separately compiled and linked module, maybe a public library function.
The function has been been presented with a "char *" as an input parameter. It must do all those checks by hand to ensure a crash free experience? Or perhaps the function body is declared "unsafe". Or perhaps rustc/cargo or whatever it is, expects to manage the entire project including all the libraries. Uuugh.
Dynamic libraries require trust so foreign libraries can only be called from unsafe blocks, usually in a rust wrapper library, this allows for the minimum amount of unsafe code, just enough to make the call and convert any data. Obviously if the foreign function returns a char* for example, rust has to assume that the pointer is valid, the wrapper function should create the appropriate rust type and initialise it accordingly. That way rust can keep its guarantee that its code is valid.
Rust's String type is essentially a struct containing a pointer to allocated memory, an integer saying how much memory is allocated and an integer saying how long the current string stored there is. Strings are also utf-8, you can make a String from a raw u8 array but doing so is marked unsafe as it can't guarantee that invalid characters aren't used.