mirror of
https://github.com/google/comprehensive-rust.git
synced 2025-07-15 02:24:18 +02:00
Apply suggestions from code review
Co-authored-by: Dmitri Gribenko <gribozavr@gmail.com>
@ -48,13 +48,15 @@ impl Username {
|
|||||||
can't modify it.
|
can't modify it.
|
||||||
|
|
||||||
- Stress the importance of evaluating _the entire API surface_ exposed by a
|
- Stress the importance of evaluating _the entire API surface_ exposed by a
|
||||||
newtype to determine if invariants are indeed bullet-proof.\
|
newtype to determine if invariants are indeed bullet-proof.
|
||||||
|
|
||||||
It is crucial to consider all possible interactions, including trait
|
It is crucial to consider all possible interactions, including trait
|
||||||
implementations, that may allow users to bypass the invariants. For example,
|
implementations, that may allow users to bypass the invariants. For example,
|
||||||
if the `Username` type implements the `DerefMut` trait, users can modify the
|
if the `Username` type implements the `DerefMut` trait, users can modify the
|
||||||
underlying string directly, bypassing the validation checks in `new`.
|
underlying string directly, bypassing the validation checks in `new`.
|
||||||
|
|
||||||
- Type-level invariants have second-order benefits.\
|
- Type-level invariants have second-order benefits.
|
||||||
|
|
||||||
The input is validated once, at the boundary, and the rest of the program can
|
The input is validated once, at the boundary, and the rest of the program can
|
||||||
rely on the invariants being upheld. We can avoid redundant validation and
|
rely on the invariants being upheld. We can avoid redundant validation and
|
||||||
"defensive programming" checks throughout the program, reducing noise and
|
"defensive programming" checks throughout the program, reducing noise and
|
||||||
|
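Review bot: With the trailing `\` dropped after "bullet-proof." and "second-order benefits.", the hunk grows from 13 to 15 lines, so each bullet's follow-on paragraph ("It is crucial to consider all possible interactions...", "The input is validated once, at the boundary...") now appears to sit behind a blank line instead of a hard line break. A paragraph after a blank line stays part of its list item only if it is indented to the bullet's content column, so please confirm in the rendered speaker notes that both paragraphs still nest under their bullets. If they render as top-level paragraphs, indent the continuation lines by two spaces or restore the hard break.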