|
|
|
|
|
|
by ncmncm
1422 days ago
|
|
|
That would just be another tendentious example. Nobody would write a make_appender that takes a span argument, because it makes no sense. The point we should take away is that is actually hard to invent plausible examples of the failure that we are being told Rust would prevent. |
|
|
I don't agree with that. If you can guarantee that the data pointed to by the span will outlive your appender, then it's safe. And if you don't actually want to transfer ownership or incur the overhead of a copy, and you don't care if your input is a vector or an array, then it's the correct abstraction.
Replace std::span with std::weak_ptr (or a raw pointer), and replace the closure with a class (e.g. a tree where each node has a weak pointer to its parent), and tell me again that nobody would ever write that code. It's fundamentally the same concept: if your ownership model isn't ironclad, or if any of your assumptions are ever violated, then you can run into use-after-free.