[PATCH 2 of 6 V2] rust: iterator bindings to C code

Georges Racinet gracinet at anybox.fr
Fri Oct 12 04:35:48 EDT 2018


On 10/12/2018 07:04 AM, Yuya Nishihara wrote:
>> +/// Testable (for any Graph) version of rustlazyancestors_init
>> +#[inline]
>> +fn raw_init<G: Graph>(
>> +    graph: G,
>> +    initrevslen: usize,
>> +    initrevs: *mut c_long,
>> +    stoprev: c_long,
>> +    inclusive: c_long,
>> +) -> *mut AncestorsIterator<G> {
>> +
>> +    let inclb = match inclusive {
>> +        0 => false,
>> +        1 => true,
>> +        _ => {
>> +            return null_mut();
>> +        }
>> +    };
>> +
>> +    let slice = unsafe { slice::from_raw_parts(initrevs, initrevslen) };
> Nit: we might want to flag this function as unsafe as the caller has to be
> careful, but I'm not sure if that's common.

In principle, yes : that function does not provide any more guarantee
before calling slice::from_raw_parts, so it would be more consistent to
warn Rust callers. Of course nobody would want to call this raw_init
from Rust.

I'm gonna flag it unsafe in next version of the patchset

-- 
Georges Racinet
Anybox SAS, http://anybox.fr
Téléphone: +33 6 51 32 07 27
GPG: B59E 22AB B842 CAED 77F7 7A7F C34F A519 33AB 0A35, sur serveurs publics

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mercurial-scm.org/pipermail/mercurial-devel/attachments/20181012/968d01ed/attachment.html>


More information about the Mercurial-devel mailing list