Suggestion: BufMut::advance_mut should make cnt > self.remaining_mut() unsound
#760
Comments
paolobarbolini
changed the title
BufMut::advance_mut should not require cnt to be in boundsBufMut::advance_mut should make cnt > self.remaining_mut() unsound
|
I'm not convinced this is possible due to the semver hack. Bytes v1 will re-export |
|
I agree it's impossible but I also agree that an already |
Could we change the docs to say something along the lines of:
|
|
That would be a nice way to transition into it becoming unsound at some point (with breaking change). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
The current documentation for
BufMut::advance_mutsuggests that the implementation should handle cases wherecnt > self.remaining_mut(). However, since this function is already unsafe and requires the caller to ensure that the declared length has been properly initialized, it seems contradictory to also suggest the implementation handle out-of-bounds lengths.This requirement was added in #70, and did not exist before. It looks like an artifact of the pre-
MaybeUninitdays.The suggestion should instead be to add
debug_assert!to catch obviously unsound implementations while avoiding unnecessary runtime overhead in release builds.The text was updated successfully, but these errors were encountered: