-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shouldn't decode return an &mut T rather than a &T? #19
Comments
For some types this is ok, but for other types like Does that make sense / were you thinking of a different reason? |
Oh, I didn't realize that abomonation replaces the memory allocations of RAII objects with inline storage in its buffer. But in hindsight, it makes total sense, given how the A first question that comes to my mind is how you manage to get the pointer alignment right, but I guess this is already the topic of #8. Also, this means that one must be extremely careful about implementing |
Yup. Some of these things have quieted a bit as it became (years back) clear that Rust didn't have a stable story around unsafe, and I didn't want to make specific claims until they sorted that out more. Mostly, I didn't want to give the false impression that watching out for a few footguns would mean safety ensues. Instead, the front-page warning of "do not use this on data you care about" is meant to cover that. Also, text like
though it looks like I have the wrong name there. I'll add some text to the trait documentation after "do not call these methods" and before "maybe don't use the trait at all" warnings. :) |
Btw, are you using this for something, or considering it? The crate exists mostly for a small-ish set of performance sensitive people working with big data, and it has other issues that limit broad applicability (e.g. no |
I'm currently designing a But obviously, before actually using it, I had to go beyond your "this library will eat your data and summon nasal demons" blanket statements and get a reasonably solid understanding of what abomonation's actual safety preconditions are. And this is how I ended up studying your API and spamming your bug tracker in the process ;) By the way, you may be interested in the unsafe-code-guidelines repo if you don't know about it already. There were a lot of interesting discussions in there recently, and compiler people are available there to answer questions about how rustc currently behaves and whether they see a reasonable chance of it changing in the future. |
I think you should take a look at this RustConf talk by @oli-obk. The notion of ConstRefSafe that they define for the purpose of allowing heap allocations in const-eval seems suspiciously similar to the type contract that you need for replacing heap allocations with inline allocations in abomonation... |
As far as I can see, there is no reason why users shouldn't be allowed to modify the deserialized object in place if they so desire.
The text was updated successfully, but these errors were encountered: