Henri Sivonen <[email protected]> wrote: > On Wed, Jan 6, 2016 at 9:27 PM, Brian Smith <[email protected]> wrote: > > Henri Sivonen <[email protected]> wrote: > >> > >> On Thu, Oct 1, 2015 at 9:58 PM, Jonathan Watt <[email protected]> wrote: > >> > For those who are interested in this, there's a bug to consider > >> > integrating > >> > the Guidelines Support Library (GSL) into the tree: > >> > > >> > https://bugzilla.mozilla.org/show_bug.cgi?id=1208262 > >> > >> This bug appears to have stalled. > >> > >> What should my expectations be regarding getting an equivalent of (at > >> least single-dimensional) GSL span<T> (formerly array_view<T>; > >> conceptually Rust's slice) into MFBT? > >> > >> > On 30/09/2015 22:00, Botond Ballo wrote: > >> >> The document is a work in progress, still incomplete in many places. > >> >> The initial authors are Bjarne Stroustrup and Herb Sutter, two > members > >> >> of the C++ Standards Committee, and they welcome contributions via > >> >> GitHub to help complete and improve it. > >> > >> In their keynotes, a template called array_buffer was mentioned. What > >> happened to it? array_buffer<T> was supposed to be array_view<T> > >> (since renamed to span<T>) plus an additional size_t communicating > >> current position in the buffer. Surprisingly, Core Guidelines has an > >> example of reading up to n items into span but the example doesn't > >> show how the function would signal how many bytes between 0 and n it > >> actually read, so the Guidelines themselves don't seem to give a > >> proper answer to signaling how many items of a span a function read or > >> wrote. > > > > > > This functionality already exists--in a safer form than the Core C++ > > form--in Gecko: mozilla::pkix::Input and mozilla::pkix::Reader. > > I admit I'm not familiar with the nuances of either GSL span or > mozilla::pkix::Input. What makes the latter safer? >
mozilla::pkix::Input/Reader will never throw an exception or abort the process; instead it always returns an explicit success/failure result. It seems GSL will either abort or throw an exception in many situations. Since aborting is terrible and exceptions are not allowed in Gecko code, it seems Input/Reader is safer. The documentation for the Rust version of Input/Reader [1] attempts to explain more of the benefits of the Input/Reader approach. The one in *ring* is better than the one in mozilla::pkix in quite a few respects, but the idea is mostly the same. > mozilla::pkix::Input seems to be read-only. I'm looking for both > read-only and writable spans. > That's something Input/Reader doesn't do, because it is focused exclusively on parsing (untrusted) input. [1] https://briansmith.org/rustdoc/ring/input/index.html Cheers, Brian -- https://briansmith.org/ _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
