raskr / rust-autograd

Tensors and differentiable operations (like TensorFlow) in Rust

Usage of unsafe?

ralfbiedert opened this issue

Hi,

I am evaluating autograd for our project. I really like the concept, but I'm a bit concerned about the use of unsafe and some issues that come with it.

For example:

  • lib.rs:243, creates a new typed Vec<T>, and calls set_len. Although the function is marked unsafe, according to the documentation the elements must be initialized before calling this function, so it is borderline UB.
  • lib.rs:253, reads and casts any pointer as another type and is unsound. In contrast to the documentation it would not panic, but just invoke UB (you could cast_as an &u8 to u32).
  • mlp_mnist.rs:171, (and others) transmutes a [u8; 4] to a u32. I think this can cause endian issues (although I'm not 100% sure here as you load that from disc and later explicitly force a be conversion)
  • Then there are a few follow ups, e.g., where uninitialized_vec is used to create a reference to an uninitialized value.

I was wondering if you have an "unsafe roadmap" moving forward, and / or have plans to review the current use of unsafe in the code?

Thank you @ralfbiedert.
Yes, I also think unsafe usages in this crate are messed up, so I made some fixes: 3274cbb

Highlights:

transmutes a [u8; 4] to a u32

-> It is ok since the MNIST dataset is stored as big endian. (I left some comments)

lib.rs:253, reads and casts any pointer as another type and is unsound. In contrast to the documentation it would not panic, but just invoke UB (you could cast_as an &u8 to u32).

-> Exactly, fixed the bug: https://github.com/raskr/rust-autograd/blob/master/src/ops/dot_ops.rs#L138
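
Added example, not part of the thread and not the crate's code or the content of the linked fix: sound replacements for the three patterns the issue raises (byte-order-explicit header parsing instead of transmuting a [u8; 4], initializing elements before set_len, and a type-checked cast instead of reinterpreting a pointer). The names read_be_u32, init_vec and checked_cast are hypothetical, and the header bytes are a constructed sample laid out like an MNIST image file header.

```rust
use std::any::Any;

/// Reads a big-endian u32 at `offset`; None if fewer than 4 bytes remain.
/// Unlike transmuting a [u8; 4], the result does not depend on host byte order.
fn read_be_u32(buf: &[u8], offset: usize) -> Option<u32> {
    let end = offset.checked_add(4)?;
    let s = buf.get(offset..end)?;
    Some(u32::from_be_bytes([s[0], s[1], s[2], s[3]]))
}

/// Builds a Vec of `n` elements, writing every slot before the length is set.
fn init_vec<T, F: FnMut(usize) -> T>(n: usize, mut f: F) -> Vec<T> {
    let mut v: Vec<T> = Vec::with_capacity(n);
    for (i, slot) in v.spare_capacity_mut().iter_mut().take(n).enumerate() {
        slot.write(f(i));
    }
    // SAFETY: capacity >= n and the first n slots were initialized above.
    unsafe { v.set_len(n) };
    v
}

/// Type-checked cast: returns None when A and B differ instead of
/// reinterpreting the memory behind the reference.
fn checked_cast<A: Any, B: Any + Copy>(x: &A) -> Option<B> {
    (x as &dyn Any).downcast_ref::<B>().copied()
}

fn main() {
    // Constructed sample header: magic, item count, rows, cols (all big endian).
    let header: [u8; 16] = [0, 0, 8, 3, 0, 0, 0xEA, 0x60, 0, 0, 0, 28, 0, 0, 0, 28];
    println!("magic     = {:?}", read_be_u32(&header, 0));
    println!("count     = {:?}", read_be_u32(&header, 4));
    println!("truncated = {:?}", read_be_u32(&header, 14));
    println!("squares   = {:?}", init_vec(4, |i| (i * i) as f32));
    println!("f32->f32  = {:?}", checked_cast::<f32, f32>(&1.5));
    println!("u8->u32   = {:?}", checked_cast::<u8, u32>(&7));
}
```
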