You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
Is your feature request related to a problem or challenge? Please describe what you are trying to do.
As pointed out by @jhorstmann on #921 at #921 (comment),
Buffer::typed_data does not actually need to be marked unsafe since it checks the alignment requirements. The very similarly implemented MutableBuffer::typed_data_mut is not marked as unsafe. The safety notes mention bool as a special case, but that is no longer an ArrowNativeType since a while.
I reviewed the code a bit more, and the comments make a great point:
/// `ArrowNativeType` is public so that it can be used as a trait bound for other public
/// components, such as the `ToByteSlice` trait. However, this means that it can be
/// implemented by user defined types, which it is not intended for.
Meaning that if a user implements ArrowNativeType for their types, this will result in undefined behavior.
I also looked more carefully at Buffer and it effectively allows reinterpreting arbitrary bytes as different types, so I am not sure that behavior is safe...
be done is make MutableBuffer::typed_data unsafe instead as the docs there say very specifically
/// # Safety
/// This function must only be used when this buffer was extended with items of type `T`.
/// Failure to do so results in undefined behavior.
Ok, I wasn't aware that implementing ArrowNativeType for arbitrary types by a user is a supported usecase. Maybe making that into a sealed trait would also be an option. Anyway, my comment was more about the inconsistency between MutableBuffer::typed_data and Buffer::typed_data, so marking both unsafe is also fine.