docs: update safety docs for PyCapsule::import#6064
Conversation
Person-93
changed the title
PyCapsule::importPyCapsule::import
| /// - The contents of the capsule must not be mutated by any third-party code while the reference is alive. | ||
| /// The python interpreter does _NOT_ provide any synchronization guarantees for capsules. | ||
| pub unsafe fn import<'py, T>(py: Python<'py>, name: &CStr) -> PyResult<&'py T> { |
There was a problem hiding this comment.
I wonder, is it potentially worse than this? I imagine that if arbitrary Python code runs while the reference is alive, it can presumably free the capsule and leave the reference dangling.
There are presumably also alignment concerns, which the user cannot know.
Maybe there's enough spice here that it would be worth deprecating this and encouraging users to move over to #6066?
There was a problem hiding this comment.
Similarly we made the decision to remove .reference() in #5229 (comment)
There was a problem hiding this comment.
Maybe there's enough spice here that it would be worth deprecating this and encouraging users to move over to #6066?
I think that's a good idea. In the meantime, maybe we can check if the pointer is aligned and either panic or return an error if it isn't.
2 participants
No description provided.