Xudong-Huang / generator-rs

rust stackful generator library
Apache License 2.0

`done()` is unsound and should be marked `unsafe` #13

Closed jonas-schievink closed 4 years ago

jonas-schievink commented 4 years ago

`done` is equivalent to `mem::uninitialized` and thus can be used to trivially construct uninitialized instances of types.

The function is documented "don't use it directly, use done!() macro instead", but it's neither hidden nor marked as `unsafe`; both should probably be done.

This results in a segmentation fault on my machine:

```rust
use generator::{co_get_yield, co_set_para, Gn, done};

fn main() {
    done::<(String, Vec<u128>, Box<[u128]>)>();
}
```

Xudong-Huang commented 4 years ago

`done` cannot be called in a non-coroutine context. Will add more checks here.

Xudong-Huang commented 4 years ago

`done` should be a safe API. In generator context, we didn't touch the uninit memory, and it will panic in non-generator context.
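
An added example, not part of the thread and not generator-rs code: one way a safe `done`-style function can combine the context check discussed above with a return type that never yields an uninitialized `T`. The names `IN_GENERATOR`, `with_generator_context` and `done_checked` are hypothetical, and the thread-local flag is an assumed stand-in for the library's real generator state.

```rust
use std::cell::Cell;
use std::mem::MaybeUninit;
use std::panic;

thread_local! {
    // Hypothetical stand-in for the library's "currently inside a generator" state.
    static IN_GENERATOR: Cell<bool> = Cell::new(false);
}

/// Runs `f` with the (hypothetical) generator-context flag set, restoring it afterwards.
fn with_generator_context<R>(f: impl FnOnce() -> R) -> R {
    let prev = IN_GENERATOR.with(|c| c.replace(true));
    let out = f();
    IN_GENERATOR.with(|c| c.set(prev));
    out
}

/// Safe to expose: panics outside a generator, and never hands out a `T` that
/// was not initialized. Holding a `MaybeUninit<T>` is sound for every `T`;
/// turning it into a `T` needs the caller's own `unsafe { assume_init() }`.
pub fn done_checked<T>() -> MaybeUninit<T> {
    assert!(
        IN_GENERATOR.with(|c| c.get()),
        "done() called outside a generator context"
    );
    MaybeUninit::uninit()
}

type Payload = (String, Vec<u128>, Box<[u128]>); // the type from the report

/// True if calling `done_checked` outside a generator panics instead of returning.
pub fn panics_outside_generator() -> bool {
    panic::catch_unwind(|| { let _ = done_checked::<Payload>(); }).is_err()
}

/// True if the call returns normally inside the context; the placeholder is
/// dropped without running `Payload`'s destructor, so nothing uninitialized is read.
pub fn returns_inside_generator() -> bool {
    with_generator_context(|| { let _slot = done_checked::<Payload>(); true })
}

fn main() {
    println!("panics outside generator: {}", panics_outside_generator());
    println!("returns inside generator: {}", returns_inside_generator());
}
```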