It shows the tradeoffs of static enforcement of memory safety in
Rust:
http://cglab.ca/~abeinges/blah/rust-lifetimes-and-collections/
Some quotations:
However it's fairly easy to make an incorrect program by
overflowing an integer. Some would therefore assert that it
should be unsafe to add two integers together. However "being
able to write an incorrect program" isn't what Rust cares about.
That's impossible to guarantee with any amount of analysis,
static or dynamic, unless you hate mathematicians. Rust
specifically constrains itself to memory safety.<
This shows the weak typing of Rust, and its weak static analysis
of valid index intervals:
let mut v = vec![1i32, 2, 3, 4, 5];
for i in range(0, v.len()) {
// Array litteral syntax will just crash the program if you
index out of bounds,
// instead of returning an Option.
let x = &mut v[i];
// do some work with x
}
That's all perfectly sound and good, but it's wasting tons of
time doing bounds checking! It's also totally unidiomatic.<
This is nice:
fn split_at_mut(&mut self, mid: uint) -> (&mut [T], &mut [T]);
Bye,
bearophile
