Skip to content

p-token: Add unsafe to transmutable trait #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

p-token: Add unsafe to transmutable trait #65

wants to merge 1 commit into from

Conversation

febo
Copy link
Contributor

@febo febo commented Jul 1, 2025

Problem

The Transmutable trait has memory safety implications in its implementation, but it is not marked as unsafe. This is problematic since undefined behaviour can result from an incorrect implementation.

Solution

Add unsafe to Transmutable trait to make it explicit that the trait has to be carefully implemented.

cc: @d0nutptr

@febo febo requested a review from joncinque July 1, 2025 10:06
@febo febo marked this pull request as draft July 1, 2025 11:17
@febo
Copy link
Contributor Author

febo commented Jul 1, 2025

CI is failing since it is pulling a new version of mollusk and having some dependencies conflicts.

joncinque
joncinque approved these changes Jul 1, 2025
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me! Just another consideration for a future PR if you want

interface/src/state/mod.rs
Comment on lines 15 to 17
/// It is up to the type implementing this trait to guarantee that the cast is
/// safe, i.e., the fields of the type are well aligned and there are no padding
/// bytes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To go with this safety concern, what do you think about specifying that bytes must be on a well-aligned address for T for all the load functions?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I will add a note on load in a separate PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joncinque joncinque joncinque approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@febo @joncinque