Merge remote-tracking branch 'upstream/master' into rust-pr-46952

pull/55/head
Simon Sapin 7 years ago
commit fec3182d0b

@ -92,7 +92,8 @@ capacity violates the invariants of Vec (that `cap` reflects the allocated space
in the Vec). This is not something the rest of Vec can guard against. It *has* in the Vec). This is not something the rest of Vec can guard against. It *has*
to trust the capacity field because there's no way to verify it. to trust the capacity field because there's no way to verify it.
`unsafe` does more than pollute a whole function: it pollutes a whole *module*. Because it relies on invariants of a struct field, this `unsafe` code
does more than pollute a whole function: it pollutes a whole *module*.
Generally, the only bullet-proof way to limit the scope of unsafe code is at the Generally, the only bullet-proof way to limit the scope of unsafe code is at the
module boundary with privacy. module boundary with privacy.

Loading…
Cancel
Save