> A function of type fn<T>(T) -> T must:<p>> return its argument or<p>> panic or abort or<p>> never return<p>This confused me for a moment because I thought “why? it only says the return value must be the same type as the argument, not that it must have the same value”, but of course since the type can be anything there is no operation that is guaranteed to work that you can perform on the argument value. You can’t for example multiply by two because not all types will support multiplication by an integer.
I loved this post. It’s very readable and introduces some interesting concepts related to type safety and some potentially simple use case in the context of access to private data, guaranteed from a type pattern.<p>As was pointed out in the Reddit conversation about this [1], the parametricity (new word I learned while reading this last night), will be lost with specialization.<p>Personally I want specialization for all the joy it will bring, and I don’t see this as a huge loss, but I wonder what other people’s thoughts are on this?<p>[1] <a href="https://www.reddit.com/r/rust/comments/80eis2/reasoning_with_types_in_rust/?st=JE7ZUBNM&sh=5df7aace" rel="nofollow">https://www.reddit.com/r/rust/comments/80eis2/reasoning_with...</a>
The <i>Secret</i> example is basically just encapsulation. It reminds me of the HTML type used in Go's standard library to avoid XSS vulnerabilities in HTML templates due to lack of escaping. [1] Any string that's not cast using HTML() is considered unsafe and will automatically be escaped.<p>In practice, this is used to make security audits easier. It's not that you can't defeat the system, but security review only needs to look at all the places a string is cast to or from the HTML type and verify that they're in fact safe. This is considerably easier than it would be with bare strings, though better encapsulation would help. (In Go, this could be done with a struct that has a private field, but that's not what they did for some reason.)<p>This is an old trick, also used by GWT [2] and other languages. Language support for zero-overhead, encapsulated wrapper types makes this particularly convenient; otherwise you have to decide if the performance cost is worth it for a widely-used type.<p>[1] <a href="https://golang.org/pkg/html/template/#HTML" rel="nofollow">https://golang.org/pkg/html/template/#HTML</a>
[2] <a href="http://www.gwtproject.org/javadoc/latest/com/google/gwt/safehtml/shared/SafeHtml.html" rel="nofollow">http://www.gwtproject.org/javadoc/latest/com/google/gwt/safe...</a>