alamb commented on a change in pull request #628: URL: https://github.com/apache/arrow-rs/pull/628#discussion_r684559542
########## File path: arrow/README.md ########## @@ -35,6 +39,24 @@ The arrow crate provides the following optional features: implementations of some [compute](https://github.com/apache/arrow/tree/master/rust/arrow/src/compute) kernels using explicit SIMD processor intrinsics. +## Safety + +TLDR: You should avoid using the `alloc` and `buffer` and `bitmap` modules if at all possible. These modules contain `unsafe` code and are easy to misuse. + +As with all open source code, you should carefully evaluate the suitability of `arrow` for your project, taking into consideration your needs and risk tolerance prior to use. + +_Background_: There are various parts of the `arrow` crate which use `unsafe` and `transmute` code internally. We are actively working as a community to minimize undefined behavior and remove `unsafe` usage to align more with Rust's core principles of safety (e.g. the arrow2 project). + +As `arrow` exists today, it is fairly easy to misuse the APIs, leading to undefined behavior, and it is especially easy to misuse code in modules named above. For an example, as described in [the arrow2 crate](https://github.com/jorgecarleitao/arrow2#why), the following code compiles, does not panic, but results in undefined behavior: Review comment: @paddyhoran I am going to merge this PR and perhaps we can clarify / improve the wording about `ArrayData` in a follow on PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
