Usage of unsafe?
ralfbiedert opened this issue
Hi,

I am evaluating autograd for our project. I really like the concept, but I'm a bit concerned about the use of `unsafe` and some issues that come with it.

For example:

- lib.rs:243 creates a new typed `Vec<T>` and calls `set_len`. Although the function is marked `unsafe`, according to the documentation the elements must be initialized before calling this function, so it is borderline UB.
- lib.rs:253 reads and casts any pointer as another type and is unsound. In contrast to the documentation it would not panic, but just invoke UB (you could `cast_as` an `&u8` to `u32`).
- mlp_mnist.rs:171 (and others) transmutes a `[u8; 4]` to a `u32`. I think this can cause endian issues (although I'm not 100% sure here as you load that from disc and later explicitly force a `be` conversion).
- Then there are a few follow-ups, e.g., where `uninitialized_vec` is used to create a reference to an uninitialized value.

I was wondering if you have an "unsafe roadmap" moving forward, and / or have plans to review the current use of `unsafe` in the code?
Thank you @ralfbiedert.

Yes, I also think the unsafe usages in this crate are messed up, so I made some fixes: 3274cbb

Highlights:

> transmutes a `[u8; 4]` to a `u32`

-> It is ok since the mnist dataset is stored as big endian. (I left some comments)

> lib.rs:253 reads and casts any pointer as another type and is unsound. In contrast to the documentation it would not panic, but just invoke UB (you could `cast_as` an `&u8` to `u32`).

-> Exactly, fixed the bug: https://github.com/raskr/rust-autograd/blob/master/src/ops/dot_ops.rs#L138
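The three patterns raised in this thread (an uninitialized `Vec` finalized with `set_len`, an unchecked pointer cast, and a `[u8; 4]` to `u32` transmute), each written in its sound form, as an added example that is not code from the issue or from rust-autograd; the function names `read_be_u32`, `filled_vec` and `cast_as` and the header bytes are constructed for illustration.

```rust
// Added example, not from the issue or the rust-autograd crate.
// Sound counterparts to the three unsafe patterns discussed above.
use std::any::Any;

/// Point 3: a [u8; 4] -> u32 conversion that names its byte order.
/// `transmute` would silently use the host's endianness instead.
pub fn read_be_u32(bytes: [u8; 4]) -> u32 {
    u32::from_be_bytes(bytes)
}

/// Point 1: building a Vec<T> of a given length without calling
/// `set_len` on memory that was never written. `spare_capacity_mut`
/// hands out `MaybeUninit<T>` slots; `set_len` runs only after every
/// slot in range has been initialized, which is what its docs require.
pub fn filled_vec(len: usize, fill: impl Fn(usize) -> f32) -> Vec<f32> {
    let mut v: Vec<f32> = Vec::with_capacity(len);
    for (i, slot) in v.spare_capacity_mut().iter_mut().take(len).enumerate() {
        slot.write(fill(i));
    }
    // SAFETY: the first `len` slots were written above and len <= capacity.
    unsafe { v.set_len(len) };
    v
}

/// Point 2: a type-checked cast. Reinterpreting a pointer to T as a
/// pointer to U is UB whenever T and U differ in size, alignment or
/// validity; `downcast_ref` compares type ids at runtime and returns
/// None instead of reinterpreting the bytes.
pub fn cast_as<T: Any, U: Any>(x: &T) -> Option<&U> {
    let any: &dyn Any = x;
    any.downcast_ref::<U>()
}

fn main() {
    let raw = [0x00, 0x00, 0x08, 0x03]; // constructed 4-byte header
    println!("big endian: {}", read_be_u32(raw));
    println!("host order would give: {}", u32::from_ne_bytes(raw));
    println!("{:?}", filled_vec(4, |i| i as f32 * 0.5));
    println!("{:?}", cast_as::<u8, u32>(&7u8)); // None, not UB
    println!("{:?}", cast_as::<u32, u32>(&7u32)); // Some(7)
}
```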