ARROW-10804: [Rust] Removed some unsafe code from the parquet crate

[jorgecarleitao]

This PR removes an unsafe code by its safe counterpart.

[github-actions]

https://issues.apache.org/jira/browse/ARROW-10804

[jorgecarleitao]

@jhorstmann and @Dandandan , I notice that you are quite experienced with these types of problems by your PRs.

I am trying to remove this FatPtr with a safe counter part, which is blocking the build of #8796 by making this code safe and not use pointers from the buffers, but I am struggling a lot here (as you can see by the red on the CI 😭), and I am a bit blocked. I would be grateful for your help here.

[Dandandan]

The error originates from here, the error shows that it is moved here. A clone likely "solves" the issue? Usually taking the value by & in the function also solves this as it will stop it from taking ownership?

[Dandandan]

@jorgecarleitao

[Dandandan]

I will have some time tomorrow to check out the code to see what can be done about it otherwise

[Dandandan]

@jorgecarleitao Did not find an easy fix yet. What works, though ugly, is using the self.def_levels again in the two if branches.

[jorgecarleitao]

Did not find an easy fix yet. What works, though ugly, is using the self.def_levels again in the two if branches.

Thanks for the help. I tried that, but it is causing a double mutable borrow on my code. Maybe I am doing something wrong. Could you push to the change to a branch in your repo and share it with me?

[jorgecarleitao]

@Dandandan , your tip helped. Thanks a lot! It compiles now. The semantics are still wrong and I need to figure out why.

[Dandandan]

@jorgecarleitao great to hear! I saw it depends at least on changing the value of values_written but hope it helps in finding a solution 👍

[codecov-io]

Codecov Report

Merging #8829 (55974f6) into master (0c8b990) will increase coverage by 0.00%.
The diff coverage is 88.88%.

@@           Coverage Diff           @@
##           master    #8829   +/-   ##
=======================================
  Coverage   76.77%   76.77%           
=======================================
  Files         181      181           
  Lines       41009    40990   -19     
=======================================
- Hits        31485    31472   -13     
+ Misses       9524     9518    -6     

Impacted Files	Coverage Δ
rust/parquet/src/arrow/record_reader.rs	96.25% <88.88%> (+1.71%)	⬆️
rust/parquet/src/encodings/encoding.rs	92.99% <0.00%> (-0.18%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0c8b990...55974f6. Read the comment docs.

[jorgecarleitao]

@nevi-me , I would really appreciate your help here: there are major problems emerging in the parquet crate when I try to remove an unsafe struct.

The background of this change is that FatPtr is using Buffer::capacity and Buffer::raw_data() which is brittle and difficult to reason because a pointer is only valid within a container's len, not capacity. This is also leading to the error that the rust compiler safeguard us against when borrowing a mutable and immutable reference at the same time.

This is blocking #8796

I verified that in all 4 tests the content passed to ColumnReaderImpl::read_batch is the same in master and after this PR, but for some reason the outcome of that call is different, which hints that there is some other invariant beyond the ones that we are telling the compiler about through the typing and lifetime system.

[nevi-me]

@nevi-me , I would really appreciate your help here: there are major problems emerging in the parquet crate when I try to remove an unsafe struct.

Hey Jorge, I've been out of town, got back this morning. I'm going to catch up on PRs this weekend. I'll have a look at this first.

[nevi-me]

Hi @jorgecarleitao, I also spent most of today looking into this :(

The problem was a bit vs byte issue on consume_record_data and consume_rep_levels, so what was mostly needed was a fresh pair of eyes. I opened https://github.com/jorgecarleitao/arrow/pull/22. I didn't address the rustfmt lint, so you could see what I changed.

I verified that in all 4 tests the content passed to ColumnReaderImpl::read_batch is the same in master and after this PR, but for some reason the outcome of that call is different, which hints that there is some other invariant beyond the ones that we are telling the compiler about through the typing and lifetime system.

This was hidden away by the way that we compare arrays. Because we only print the first 10 & last 10 values of arrays, the issue wasn't visible, but comparing ArrayData surfaced the issue with the failing tests. I had to change the test utilities that generate data to return sequential values instead of randomly generated that. Then I was able to see why consume_record_data was filling the first 12 and last 12 slots with data (then the part that we don't print was just 0s).

I also changed the code slightly to rather initialise the buffers with let new_buffer = MutableBuffer::new(0) because we always perform an allocation on new_buffer.resize(num_bytes) as we never get the initial allocation right anyways.

[nevi-me]

Some feedback

[alamb]

FWIW I am not sure but this PR may conflict with #8698

[nevi-me]

@alamb they fortunately don't seem to conflict

[nevi-me]

LGTM

[alamb]

I just merged this code to master locally to test the effects of #8698 -- I am happy to report, as @nevi-me said, the tests still pass just fine