alexcrichton opened PR #1357 from doc-memory
to master
:
Try to thoroughly document unsafety of
Memory
and how it can be used
safely.cc #1272
bjorn3 created PR Review Comment:
/// ```no_run /// # use wasmtime::Memory; /// # let mem: &Memory = (|| loop {})();You can then remove the wrapper function below.
bjorn3 submitted PR Review.
bjorn3 edited PR Review Comment.
fitzgen submitted PR Review.
fitzgen submitted PR Review.
fitzgen created PR Review Comment:
/// It's worth also, however, covering some examples of **incorrect**, **unsafe** usage of `Memory`. Do not do these things!
fitzgen created PR Review Comment:
:heart:
fitzgen created PR Review Comment:
/// * Long-lived pointers are only valid if `Memory` isn't used in an unsafe way
fitzgen created PR Review Comment:
/// shared borrows to overlap with each other, but mutable borrows must overlap
alexcrichton submitted PR Review.
alexcrichton created PR Review Comment:
Ah this was intentional since I wanted to explicitly name the functions in different examples.
alexcrichton updated PR #1357 from doc-memory
to master
:
Try to thoroughly document unsafety of
Memory
and how it can be used
safely.cc #1272
alexcrichton merged PR #1357.
sunfishcode submitted PR Review.
sunfishcode submitted PR Review.
sunfishcode created PR Review Comment:
Is it worth mentioning how this will change when we add threads?
sunfishcode created PR Review Comment:
/// // Short-lived borrows of memory are safe, but they must be scoped and
sunfishcode created PR Review Comment:
grammaro: "There are" instead of "There's".
sunfishcode created PR Review Comment:
/// * Long-lived pointers are only valid if `Memory` isn't used in an unsafe way
sunfishcode created PR Review Comment:
It would make this example even more poignant if you don't pass a
mem
argument tosome_other_function
. The reference-counted nature ofMemory
means that there could be other unrelated paths to theMemory
.
sunfishcode created PR Review Comment:
/// // not valid because the slices overlap.
sunfishcode created PR Review Comment:
I suggest qualifying this in some way. If you never have a long-lived pointer into memory, you're probably good, but it's still good to be careful.
alexcrichton submitted PR Review.
alexcrichton created PR Review Comment:
Oh excellent point, I'll make a whole new section about this.
Last updated: Dec 23 2024 at 12:05 UTC