On Wed, Jul 27, 2022 at 12:08 PM Kent Gibson <warthog618@gmail.com> wrote:
> It should never return NULL. At the moment. I would prefer to have NULL checks for all cases, not assume anything about the C implementation, and to be consistent with other places where you do NULL checks. As it stands when I see this I need to go check the C to see if this is a reasonable exception or not. And I'm lazy.
Ideally the C side would document the guarantees explicitly instead, and then the Rust side can rely on them.
In any case, if a given C API never returned an invalid pointer and suddenly it starts doing so in some cases, I would consider that a breaking change in practice, which would likely break C users too.
A potential compromise meanwhile is `debug_assert!` to at least test those assumptions.
Cheers,
Miguel
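
The two options weighed in this message, side by side, as an added example that is not part of the original thread or of the bindings under review. `mock_get_name`, `name_checked` and `name_debug_asserted` are hypothetical names, the string is a constructed sample, and the C getter is simulated in Rust with a `broken` flag that models a later C-side change.

```rust
use std::ffi::{c_char, CStr};
use std::ptr::NonNull;

// Hypothetical stand-in for a C getter that "never returns NULL" today.
// `broken` simulates a later C-side change that violates that assumption.
unsafe extern "C" fn mock_get_name(broken: bool) -> *const c_char {
    if broken {
        std::ptr::null()
    } else {
        b"gpiochip0\0".as_ptr().cast() // constructed sample value
    }
}

#[derive(Debug, PartialEq)]
pub enum Error {
    NullPointer(&'static str),
}

/// Always-checked wrapper: a NULL from C becomes an error in every build profile.
pub fn name_checked(broken: bool) -> Result<String, Error> {
    let raw = unsafe { mock_get_name(broken) };
    let ptr = NonNull::new(raw as *mut c_char).ok_or(Error::NullPointer("mock_get_name"))?;
    // SAFETY: non-NULL was checked above; the mock returns a NUL-terminated static string.
    Ok(unsafe { CStr::from_ptr(ptr.as_ptr()) }.to_string_lossy().into_owned())
}

/// Compromise wrapper: the assumption is tested in debug builds only.
/// In a release build a NULL would reach CStr::from_ptr, which is undefined behaviour.
pub fn name_debug_asserted(broken: bool) -> String {
    let raw = unsafe { mock_get_name(broken) };
    debug_assert!(!raw.is_null(), "mock_get_name returned NULL");
    // SAFETY: relies on the C-side guarantee; verified only when debug assertions are on.
    unsafe { CStr::from_ptr(raw) }.to_string_lossy().into_owned()
}

fn main() {
    println!("checked, intact C side: {:?}", name_checked(false));
    println!("checked, broken C side: {:?}", name_checked(true));
    println!("debug-asserted, intact C side: {}", name_debug_asserted(false));
}
```

With `debug_assert!`, the broken case is caught only by builds and test runs that keep debug assertions enabled.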