Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Suppose it is a dll that has exported functions returning or accepting unsafe strings. No way to make it safe without changing the API.


In Rust, there is no unsafe String, only blocks of code can be unsafe, no?


They likely mean a char* pointer to a null-terminated string, or a char* pointer and a length, as is usual for C.

If Rust was forced to expose such an API (to be on par with C's old API), it would have to use `*const u8` in its signature. Converting that to something that can be used in Rust is unsafe.

Even once converted to &[u8], it now has to deal with non-UTF8 inputs throughout its whole codebase, which is a lot more inconvenient. A lot of methods, like .split_ascii_whitespace, are missing on &[u8]. A lot of libraries won't take anything but a &str.

Or they might be tempted to convert such an input to a String, in which case the semantics will differ (it will now panic on non-UTF8 inputs).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: