Yes, that was the basic idea, you can only construct a Proof value with a specific branded lifetime by writing to an Out (ideally by either directly writing to it or by writing all the fields/one variant) with that same branded lifetime. Thus if the caller actually gets back the Proof value then it can be sure that the value has been initialized.
(NOT A CONTRIBUTION)
Many years ago now I explored the idea of "unsafe references," a new set of types to replace raw pointers with something harder to misuse. One thing I definitely determined is that there are three kinds of pointers; you need a covariant mutable pointer to represent pointers with exclusive ownership over their referent.
I would also just have any replacement for raw pointers be exclusively non-null, and require the use of Option to represent a nullable pointer. I don't see any advantage to having nullable pointer types when the NPO is built in.
1 Like
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.