The current trait bounds here are too lax, allowing the compiler to accept code such as:
```rust
fn ctl_test(
    chain: &mut Chain,
    mem: &MemCtx,
) -> Result<(), ()> {
    // `bool` has invalid bit patterns, yet the lax bound lets the
    // compiler accept reading one straight out of guest memory.
    let mut a = false;
    if !chain.read(&mut a, mem) {
        return Err(());
    }
    Ok(())
}
```
I think every use of this API is using well-formed types (so isn't liable to hit UB on an invalid value), but we can rely on the typesystem to keep us right.
The underlying call to `MemCtx::read` already requires `FromBytes`, while `MemCtx::write` requires only `Copy`. It should probably also require `IntoBytes` for symmetry.
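To illustrate the bound the review asks for, here is an added example (not code from the PR or the project itself) with a hand-rolled `FromBytes` stand-in for the zerocopy marker trait and a minimal `MemCtx`/`Chain` pair whose `read` is bounded by it, so the `bool` read above is rejected at compile time while plain-old-data reads stay bounds-checked:

```rust
// Added example, not code from the PR under review: `FromBytes` is a
// hand-rolled stand-in for the zerocopy marker trait the review refers to.
use std::mem::size_of;
use std::ptr::read_unaligned;

/// Marker for plain-old-data types: every byte pattern is a valid value.
/// SAFETY: never implement for types with invalid bit patterns
/// (`bool`, `char`, references, most enums).
pub unsafe trait FromBytes: Copy {}
unsafe impl FromBytes for u8 {}
unsafe impl FromBytes for u32 {}
unsafe impl<const N: usize> FromBytes for [u8; N] {}

/// Stand-in for guest memory: a flat, bounds-checked byte buffer.
pub struct MemCtx { bytes: Vec<u8> }

impl MemCtx {
    pub fn new(bytes: Vec<u8>) -> Self { MemCtx { bytes } }

    /// Read a `T` at offset `addr`. The `FromBytes` bound is what keeps the
    /// `unsafe` block sound whatever the guest put in memory.
    pub fn read<T: FromBytes>(&self, addr: usize) -> Option<T> {
        let end = addr.checked_add(size_of::<T>())?;
        let src = self.bytes.get(addr..end)?;
        // SAFETY: `src` is exactly `size_of::<T>()` readable bytes and, by
        // `T: FromBytes`, any pattern is a valid `T`; `read_unaligned`
        // tolerates the buffer not being aligned for `T`.
        Some(unsafe { read_unaligned(src.as_ptr() as *const T) })
    }
}

/// Cursor over guest memory, mirroring the `Chain::read` shape in the review.
pub struct Chain { pos: usize }

impl Chain {
    pub fn new(pos: usize) -> Self { Chain { pos } }

    /// Read the next `T`, advancing on success; `false` when out of bounds.
    /// Bounded by `FromBytes` rather than `Copy`, so the `bool` read from
    /// the review fails to compile: `bool: FromBytes` is not satisfied.
    pub fn read<T: FromBytes>(&mut self, item: &mut T, mem: &MemCtx) -> bool {
        match mem.read::<T>(self.pos) {
            Some(v) => { *item = v; self.pos += size_of::<T>(); true }
            None => false,
        }
    }
}
```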