|
1 | | -- Start Date: (fill me in with today's date, YYYY-MM-DD) |
| 1 | +- Start Date: 2014-04-16 |
2 | 2 | - RFC PR #: (leave this empty) |
3 | 3 | - Rust Issue #: (leave this empty) |
4 | 4 |
|
5 | 5 | # Summary |
6 | 6 |
|
7 | | -One para explanation of the feature. |
| 7 | +Add the keyword ```trusted``` that can be used to specify that all private items and members of a certain module should be accessible from a different module. |
8 | 8 |
|
9 | 9 | # Motivation |
10 | 10 |
|
11 | | -Why are we doing this? What use cases does it support? What is the expected outcome? |
| 11 | +This allows us to: |
| 12 | +1) Keep distinct logical units of computation in their own modules. |
| 13 | +2) Keep struct data fields private while allowing access to them from certain logically coupled modules. |
12 | 14 |
|
13 | 15 | # Detailed design |
14 | 16 |
|
15 | | -This is the bulk of the RFC. Explain the design in enough detail for somebody familiar |
16 | | -with the language to understand, and for somebody familiar with the compiler to implement. |
17 | | -This should get into specifics and corner-cases, and include examples of how the feature is used. |
| 17 | +First of all, why the keyword ```trusted```? Why not use the word _friend_ as C++ does? It's because the word _friend_ implies a bidirectional relation: _"X is a friend of Y"_ also implies that _"Y is a friend of X"_. |
| 18 | + |
| 19 | +A _trusted module declaration_ such as ```trusted mod foo::bar;``` can be written only before any _use declarations_. Such a declaration would specify that all private items and members in the current module are accessible also from the module ```foo::bar```. If the module ```foo::bar``` doesn't exists, then this declaration would cause a compile-time error such as _"module foo::bar doesn't exist"_. |
| 20 | + |
| 21 | +Multiple trusted modules can be specified at once using the following syntax: |
| 22 | +```trusted mod { foo::bar, baz, bar };``` |
18 | 23 |
|
19 | 24 | # Alternatives |
20 | 25 |
|
21 | | -What other designs have been considered? What is the impact of not doing this? |
| 26 | +If there is a desire to keep the number of keywords at a minimum, the following syntax could be used: |
| 27 | +```pub for mod foo::bar;``` |
| 28 | +or, alternatively: |
| 29 | +```pub in mod foo::bar;``` |
| 30 | + |
| 31 | +Another way to reduce the number of keywords would be to use keyword ```trusted```, but replace the keyword ```unsafe``` with ```trusted```. This follows from the logic that ```unsafe``` blocks and functions are _trusted_ not to cause any memory-safety errors because the author has promised that they won't. |
22 | 32 |
|
23 | 33 | # Unresolved questions |
24 | 34 |
|
25 | | -What parts of the design are still TBD? |
| 35 | +Is a more granular control over visibility desired? Specifying ```trusted``` on module boundaries follows the logic of other visibility rules, but should there be control over the visibility of specific items or members? |
0 commit comments