IDWriteGlyphRunAnalysis::CreateAlphaTexture uses a &mut [u8] slice, which implies unnecessary initialization of its contents

[ennis]

It seems that the signature of IDWriteGlyphRunAnalysis::CreateAlphaTexture was changed to take a &mut [u8] slice as an output parameter.
If I'm not mistaken, such slices always contain initialized data, which shouldn't be necessary since CreateAlphaTexture should write to the buffer represented by the slice. IIRC, the previous signature took a combination of *mut u8 and a usize to specify the size of the output buffer, which allowed the use of uninitialized memory (via Vec::with_capacity + set_len or MaybeUninit).

There might be a reason for this change but I couldn't find anything in the issues or the release notes.

[kennykerr]

The win32 metadata provides information about certain parameters representing arrays that I have transformed into Rust slices for convenience. For example:

unsafe HRESULT CreateAlphaTexture([In] DWRITE_TEXTURE_TYPE textureType, [In][Const] RECT* textureBounds, [Out][MemorySize(BytesParamIndex = 3)] byte* alphaValues, [In] uint bufferSize);

Note how the alphaValues and bufferSize parameters are logically associated with the MemorySize attribute.

which allowed the use of uninitialized memory (via Vec::with_capacity + set_len or MaybeUninit)

I don't think that Vec provides uninitialized memory. I have had another request to support MaybeUninit, but it gets complicated. #2065

Is the concern here that this would be costly? Does the buffer required by CreateAlphaTexture tend to be large?

[ennis]

Is the concern here that this would be costly? Does the buffer required by CreateAlphaTexture tend to be large?

Yes, my main concern is the additional cost of having to initialize the output buffer, although in the particular case of CreateAlphaTexture the cost of the function itself probably dwarfs the cost of initializing the buffer. That said there might be other functions where it's more problematic.

Here's the code I used before:

unsafe {
    let mut data = Vec::with_capacity(buffer_size);
    self.analysis.CreateAlphaTexture(texture_type, &bounds, data.as_mut_ptr(), buffer_size as u32)
                 .expect("CreateAlphaTexture failed");
    data.set_len(buffer_size);
}

This skips the initialization of the vec contents, and I think this is OK with regard to UB (a similar use case is presented in the docs for Vec::set_len).

Now I need to use this:

let mut data = vec![0u8; buffer_size];
self.analysis.CreateAlphaTexture(texture_type, &bounds, &mut data).expect("CreateAlphaTexture failed");

and pay the (negligible, in this case) cost of initialization.

[kennykerr]

Got it, thanks for the example. I may have to turn off the slice transformation for out parameters, only applying it to input parameters...

[poliorcetics]

Slice transformation for out parameters could be &[MaybeUninit<T>] since MaybeUninit is repr(transparent) for T, casting a slice from &[MaybeUninit<T>] to &[T] should be safe as long as the out result and length written are checked ?