Refactor constructor safety #76
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files
|
|
I think the sanitizer test is failing due to a bug in the sanitizer itself (given the obscure error referencing its source code). My guess is rust-lang/rust#111073 |
|
I'm at the fair with my family but noticed this come through and just wanted to say that I'm stoked about this one. I considered suggesting exposing Pointer::new but was hesitant. I'll review both tomorrow morning. Also, you're awesome dude. |
|
No rush, just came with a few ideas recently. I noticed |
|
Hah, you did! Perhaps not to hatch directly but the state of this crate would be in much worse shape without your contributions. You brought it up a few levels! :) |
Co-authored-by: Chance <[email protected]>
|
To be honest the unsafe for internal uses might be a bit overkill, I'm not 100% sure this is a great idea long term, but since it's an internal detail I think it's ok to experiment with. |
Although a lot more inconvenient for us, some of our functions have invariants that have to be held externally, so they should be
unsafe fn. This also makes it justifiable to expose them publicly (as then users can opt-in for manual checking of the invariants).Notable changes:
Pointer::newas a public (but unsafe) constructor (now calledPointer::new_unchecked). This gives users a way to bypass validation if they're sure they've got a valid string. Akin toString::from_utf8_uncheckedand family.PointerBuf::new_uncheckedas a new unsafe constructor, to matchPointer::new_unchecked.Token::from_encoded_uncheckedunsafe. This one I didn't make public because I don't see much use for it. We may revisit this later.