I was unsafe-reviewing the referencing crate and noticed this:
```rust
        // SAFETY: The pointer is valid as long as the registry exists
        unsafe {
            std::str::from_utf8_unchecked(std::slice::from_raw_parts(
                self.ptr.load(Ordering::Relaxed),
                self.len,
            ))
        }
    }
```
It's very unclear if this invariant is upheld properly: anchors get threaded through a lot of the code and there are no comments anywhere talking about this.

Furthermore, self-referential code is notorious in Rust for being hard to get right: even when the conceptual lifetimes are right, there are many subtle things around Rust's aliasing model that you can get wrong.

Some alternate routes:
- Just clone the string
- Use an existing self-referential crate
- See if you can make it work with lifetimes. I'm not convinced this is possible.
- Split out the `Anchors` map into an `AnchorContext` type that is not stored within the `Registry` but instead passed to it, allowing it to reference the registry.

Snippet referenced above: `jsonschema/crates/jsonschema-referencing/src/anchors/mod.rs`, lines 29 to 36 in a1ffac5
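
The last route in the issue (an anchor context kept outside the registry and passed to it), sketched as an added example that is not the crate's code. The `Registry` and `AnchorContext` shapes, the method names and the `#anchor <name>` line syntax are assumptions made up for illustration; the point is that the lifetime `'r` lets the compiler check the invariant the `SAFETY` comment only asserts.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for the crate's registry: it owns the document text.
pub struct Registry {
    documents: Vec<String>,
}

/// Anchor index kept outside the registry and borrowing from it. The `'r`
/// lifetime makes the compiler enforce "valid as long as the registry exists".
pub struct AnchorContext<'r> {
    anchors: HashMap<&'r str, usize>, // anchor name -> index of its document
}

impl<'r> AnchorContext<'r> {
    /// Constructed toy syntax: a line `#anchor <name>` declares an anchor.
    pub fn index(registry: &'r Registry) -> Self {
        let mut anchors = HashMap::new();
        for (i, doc) in registry.documents.iter().enumerate() {
            for line in doc.lines() {
                if let Some(name) = line.strip_prefix("#anchor ") {
                    anchors.insert(name.trim(), i);
                }
            }
        }
        AnchorContext { anchors }
    }

    /// The stored name borrows from the registry, not from the context.
    pub fn name(&self, name: &str) -> Option<&'r str> {
        self.anchors.get_key_value(name).map(|(k, _)| *k)
    }
}

impl Registry {
    /// The context is passed in by the caller instead of being stored here.
    pub fn resolve<'r>(&'r self, ctx: &AnchorContext<'r>, name: &str) -> Option<&'r str> {
        ctx.anchors.get(name).map(|&i| self.documents[i].as_str())
    }
}

fn main() {
    let registry = Registry { documents: vec!["#anchor root\n{}".to_string()] };
    let ctx = AnchorContext::index(&registry);
    println!("{:?}", registry.resolve(&ctx, "root"));
    // drop(registry) here would be a compile error while `ctx` is still used.
    println!("{:?}", ctx.name("root"));
}
```

No `unsafe`, raw pointer or `from_utf8_unchecked` is needed: every `&'r str` handed out is an ordinary borrow of a `String` owned by the registry.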