-
Notifications
You must be signed in to change notification settings - Fork 847
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace RawPtrBox with Safe Abstraction #1811
Comments
The ouroboros is a personal crate, I am not sure whether it is safe to depend on it. |
Safe in what sense of the word? 😅 |
If there is a bug in ouroboros, then how to fix it? |
Definitely valid concerns, I think they need to be balanced against the likelihood of a bug in the current custom self-referential struct logic, vs an upstream that's had more eyes on it. TBC I'm not totally sold on this proposal, I happen to think the current logic is probably fine, but opinions on the dangers of unsafe vary. Let's see what other people think 😅 |
Sorry, I think I lack of the knowledge about why we have to use raw pointers here? |
The TLDR is
Whilst I write this I realise we could encapsulate the self-referential shenanigans in a typed buffer abstraction. I'll update the issue 👍 |
Interesting, haven't seen or tried that crate before, but seems to solve the exact problem that our Array types have where we have data owned by ArrayData but to access it without indirections using a pointer or slice. The crate looks healthy, several contributors and releases. The macro might slow down compilation a bit, but I think that's a worthwhile tradeoff.
|
I like the idea of a I agree with @HaoYang670 that hiding the unsafely behind someone else's library may just be fooling ourselves into thinking arrow is safer than it is. |
I bashed out what this might look like in #1820 PTAL |
Fix value_offsets for empty variable length arrays (apache#1824)
Is your feature request related to a problem or challenge? Please describe what you are trying to do.
Currently the Array implementations make use of
RawPtrBox
to reference data on their attached ArrayData. Not only is this construction deeply unsafe, but requires further unsafe pointer manipulation to use.Describe the solution you'd like
I would like for arrays to store strongly typed slices, instead of strongly typed pointers. This necessarily implies a self-referential struct, fortunately ouroboros provides a safe interface that handles this complexity for you. The hardest part is actually spelling the crates' name...
This would eliminate a lot of unsafe, without requiring any breaking changes.
Describe alternatives you've considered
We could not do this, this might just be a way to reduce the amount of unsafe in arrow-rs without requiring any breaking changes.
We could also abstract the self-referential shenanigans in a typed buffer abstraction, something like
Possibly even dropping ouroborous in favor of a little bit of custom unsafe.
Related Context
Somewhat related to #1799 which introduces stronger typing within ArrayData itself.
We used ouroboros for a while in IOx to handle flatbuffers, and it did the job. We have since removed flatbuffers in favor of a columnar protobuf representation, but that was more a reflection on flatbuffers than ouroboros.
Thoughts @alamb @jhorstmann @jorgecarleitao @HaoYang670 ?
The text was updated successfully, but these errors were encountered: