Observed result or behaviour:
It is possible to loan a sample and immediately publish it without initializing the data.
Expected result or behaviour:
With safe Rust this should not compile.
Conditions where it occurred / Performed steps:
Compile this code
let sample = publisher.loan()?;
publisher.send(sample)?;
Proposal
I think we can borrow some code from iceoryx-rs and let the API for uninitialized samples return a SampleMut<MaybeUninit<T>> instead of a SampleMut<T>. The user would have to call the unsafe assume_init method in order to get a SampleMut<T> to be able to publish the sample.
This is the iceoryx-rs API for uninitialized samples
let mut sample = publisher.loan_uninit()?;
let sample = unsafe {
(*sample.as_mut_ptr()).counter = counter;
sample.assume_init()
};
publisher.publish(sample);
This would lead to a compile time error
let sample = publisher.loan_uninit()?;
publisher.publish(sample);
Required information
Observed result or behaviour: It is possible to
loana sample and immediatelypublishit without initializing the data.Expected result or behaviour: With safe Rust this should not compile.
Conditions where it occurred / Performed steps: Compile this code
Proposal
I think we can borrow some code from iceoryx-rs and let the API for uninitialized samples return a
SampleMut<MaybeUninit<T>>instead of aSampleMut<T>. The user would have to call the unsafeassume_initmethod in order to get aSampleMut<T>to be able to publish the sample.This is the iceoryx-rs API for uninitialized samples
This would lead to a compile time error