You've already forked comprehensive-rust
mirror of
https://github.com/google/comprehensive-rust.git
synced 2025-07-11 08:40:31 +02:00
Avoid repetition across slides
This commit is contained in:
@ -4,7 +4,7 @@ minutes: 5
|
||||
|
||||
# Is It Truly Encapsulated?
|
||||
|
||||
You must evaluate the entire API surface exposed by a newtype to determine if
|
||||
You must evaluate _the entire API surface_ exposed by a newtype to determine if
|
||||
invariants are indeed bullet-proof. It is crucial to consider all possible
|
||||
interactions, including trait implementations, that may allow users to bypass
|
||||
validation checks.
|
||||
|
@ -48,14 +48,6 @@ impl Username {
|
||||
underlying value since `&str`, the returned type, restricts them to read-only
|
||||
access.
|
||||
|
||||
- Stress the importance of evaluating _the entire API surface_ exposed by a
|
||||
newtype to determine if invariants are indeed bullet-proof.
|
||||
|
||||
It is crucial to consider all possible interactions, including trait
|
||||
implementations, that may allow users to bypass the invariants. For example,
|
||||
if the `Username` type implements the `DerefMut` trait, users can modify the
|
||||
underlying string directly, bypassing the validation checks in `new`.
|
||||
|
||||
- Type-level invariants have second-order benefits.
|
||||
|
||||
The input is validated once, at the boundary, and the rest of the program can
|
||||
|
Reference in New Issue
Block a user