API soundness issue in `raw_slice` and `raw_slice_mut`
Qwaz opened this issue · comments
The current definition of raw_slice
and raw_slice_mut
creates 'a
bounded reference from &self
. Since the returned slice is created from a stored pointer in &self
, it should be bounded by 'self
lifetime instead of 'a
.
With the current definitions of those methods, it is possible to cause data race with safe Rust code.
use rulinalg::matrix;
use rulinalg::matrix::BaseMatrixMut;
fn main() {
let mut mat = matrix![0];
let mut row = mat.row_mut(0);
// this creates mutable aliases to the same location
let raw_slice1 = row.raw_slice_mut();
let raw_slice2 = row.raw_slice_mut();
assert_eq!(raw_slice1[0], 0);
raw_slice2[0] = 1;
assert_eq!(raw_slice1[0], 0);
}
Unfortunately, this crate is not being maintained anymore. As you can see, last commit was in 2017. I suggest you to switch to nalgebra if it fits your needs.