zlacker

[return to "Patterns for Defensive Programming in Rust"]
1. emschw+bK 2025-12-05 19:58:13
>>PaulHo+(OP)
Indexing into arrays and vectors is really wise to avoid.

The same day Cloudflare had its unwrap fiasco, I found a bug in my code because of a slice that in certain cases went past the end of a vector. Switched it to use iterators and will definitely be more careful with slices and array indexes in the future.

2. joseph+QW1 2025-12-06 06:06:54
>>emschw+bK
> Cloudflare had its unwrap fiasco,

Was it a fiasco? Really? The Rust unwrap call is the equivalent of C code like this:

    #include <assert.h>

    int result = foo(…);
    assert(result >= 0);   /* abort here rather than continue with a bad value */

If that assert tripped, would you blame the assert? Of course not. Or blame C? No. If that assert tripped, it’s doing its job by telling you there’s a problem in the call to foo().

You can write buggy code in Rust just like you can in any other language.

3. elbear+J02 2025-12-06 07:08:14
>>joseph+QW1
The point is Rust provides more safety guarantees than C. But unwrap is an escape hatch, one that can blow up in your face. If they had taken the Haskell route and not provided unwrap at all, this wouldn't have happened.
4. sapiog+ar2 2025-12-06 12:58:49
>>elbear+J02
Haskell is far more dangerous. It allows you to simply destructure the `Just` variant without a path for the empty case, causing a runtime error if it ever occurs.
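An added example, not posted by any of the commenters, tying together the out-of-range slice bug from comment 1 and the unwrap-versus-explicit-handling argument in comments 2 to 4. The `tail_sum_*` helpers, their names and the sample readings are constructed for illustration.

```rust
// Added example (not from the thread). A made-up "sum the last n readings"
// helper in three styles: indexing that can panic, a checked version that
// surfaces failure as Option, and an iterator version that cannot go out of
// bounds. Function names and sample data are constructed for illustration.

/// Indexing style: `len - n` underflows when `n > len`, so the slice range
/// is out of bounds and the program panics, like a tripped C assert.
pub fn tail_sum_indexed(readings: &[u32], n: usize) -> u32 {
    let start = readings.len() - n;
    readings[start..].iter().sum()
}

/// Checked style: each step that can fail returns Option and `?` propagates
/// None instead of panicking. The caller decides what an oversized `n` means.
pub fn tail_sum_checked(readings: &[u32], n: usize) -> Option<u32> {
    let start = readings.len().checked_sub(n)?;
    let tail = readings.get(start..)?;
    Some(tail.iter().sum())
}

/// Iterator style (what comment 1 switched to): `take(n)` just yields fewer
/// items when `n` exceeds the length. This silently changes the result rather
/// than flagging the bad request, so it only suits "up to n" semantics.
pub fn tail_sum_iter(readings: &[u32], n: usize) -> u32 {
    readings.iter().rev().take(n).sum()
}

/// Writing the None arm instead of calling `unwrap()` is the Rust equivalent
/// of the `Nothing` case Haskell lets you leave out of a `Just` match.
pub fn describe_tail(readings: &[u32], n: usize) -> String {
    match tail_sum_checked(readings, n) {
        Some(sum) => format!("sum of last {n} readings: {sum}"),
        None => format!("requested {n} readings but only {} available", readings.len()),
    }
}

fn main() {
    // Constructed sample: four readings, then a request for six of them.
    let readings = [3u32, 7, 11, 2];
    println!("{}", describe_tail(&readings, 2));
    println!("{}", describe_tail(&readings, 6));
    println!("iterator form: {}", tail_sum_iter(&readings, 6));
}
```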