Py::from_owned_ptr_or_panic (and or_err) is marked safe, but sounds unsafe #95
Comments
|
I made them safe because of panic, developer needs to make sure ptr is valid. Unconditional fns are unsafe. I don’t have strong preferences, we can change |
|
@ExpHP would you like to join organizationand work on improvements? |
The Rust philosophy of unsafe in general is that it must not be possible to invoke undefined behavior without writing // You can generate an invalid pointer in safe code
Py::<()>::from_owned_ptr_or_panic(&3i32 as *const _ as *mut _)then one of the functions called in it should be marked
Possibly. At this point though I'm still trying to consider whether or not it's even a good idea for me to be trying to use Rust and python together right now, so it's possible I might just contribute for one day and then disappear. :P I did recently work on a project in C++ that had its own CPython bindings, so it's possible I might be able to contribute ideas from that experience. (though Rust adds a whole new dimension of design with its lifetimes; it's interesting to see some of the ideas that this library has!) |
|
The Rust philosophy of unsafe in general is that it must not be possible to invoke undefined behavior without writing unsafe. So if a safe code example can generate UB:
// You can generate an invalid pointer in safe code
Py::<()>::from_owned_ptr_or_panic(&3i32 as *const _ as *mut _)
If you want to write such code, rust won’t help you.
|
|
On the contrary. Normally, just about the only thing you can possibly do with an expression like |
|
I agree with your reasoning, I am fine with adding unsafe. |
|
fixed |
https://pyo3.github.io/pyo3/pyo3/struct.Py.html#method.from_owned_ptr_or_panic
https://pyo3.github.io/pyo3/pyo3/struct.Py.html#method.from_owned_ptr_or_err
Are these missing
unsafe fn, or is the documentation wrong?The text was updated successfully, but these errors were encountered: