logoalt Hacker News

gpmyesterday at 7:19 PM1 replyview on HN

> "safety" does not show up in types

It does in rust. An `unsafe fn()` is a different type than a (implicitly safe by the lack of keyword) `fn()`.

The difference is that unsafe fn's can be encapsulated in safe wrappers, where as IO functions sort of fundamentally can't be encapsulated in non-IO wrappers. This makes the IO tagged type signatures viral throughout your program (and as a result annoying), while the safety tagged type signatures are things you only have to think about if you're touching the non-encapsulated unsafe code yourself.

Replies

qserayesterday at 7:50 PM

>The difference is that unsafe fn's can be encapsulated in safe wrappers

This is the koolaid I am not willing to drink.

If you can add safety very carefully on top of unsafe stuff (without any help from compiler), why not just use `c` and add safety by just being very careful?

> IO tagged type signatures viral throughout your program (and as a result annoying)..

Well, that is what good type systems do. Carry information about the types "virally". Anything short is a flawed system.

show 2 replies