mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rollup merge of #71760 - LeSeulArtichaut:document-unsafety, r=Mark-Simulacrum

Browse Source 
Document unsafety for `*const T` and `*mut T`

Helps with #66219
r? @Mark-Simulacrum
This commit is contained in:
Dylan DPC 2020-05-01 23:16:36 +02:00 committed by GitHub
commit 05b1991e76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libcore/ptr/const_ptr.rs
View File

@ -3,8 +3,6 @@ use crate::cmp::Ordering::{self, Equal, Greater, Less};
use crate::intrinsics; use crate::intrinsics;
use crate::mem; use crate::mem;
// ignore-tidy-undocumented-unsafe
#[lang = "const_ptr"] #[lang = "const_ptr"]
impl<T: ?Sized> *const T { impl<T: ?Sized> *const T {
/// Returns `true` if the pointer is null. /// Returns `true` if the pointer is null.
@ -215,6 +213,7 @@ impl<T: ?Sized> *const T {
where where
T: Sized, T: Sized,
{ {
// SAFETY: the `arith_offset` intrinsic has no prerequisites to be called.
unsafe { intrinsics::arith_offset(self, count) } unsafe { intrinsics::arith_offset(self, count) }
} }
@ -702,6 +701,7 @@ impl<T: ?Sized> *const T {
if !align.is_power_of_two() { if !align.is_power_of_two() {
panic!("align_offset: align is not a power-of-two"); panic!("align_offset: align is not a power-of-two");
} }
// SAFETY: `align` has been checked to be a power of 2 above
unsafe { align_offset(self, align) } unsafe { align_offset(self, align) }
} }
} }
@ -729,6 +729,8 @@ impl<T> *const [T] {
#[unstable(feature = "slice_ptr_len", issue = "71146")] #[unstable(feature = "slice_ptr_len", issue = "71146")]
#[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")] #[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")]
pub const fn len(self) -> usize { pub const fn len(self) -> usize {
// SAFETY: this is safe because `*const [T]` and `FatPtr<T>` have the same layout.
// Only `std` can make this guarantee.
unsafe { Repr { rust: self }.raw }.len unsafe { Repr { rust: self }.raw }.len
} }
} }

6
src/libcore/ptr/mut_ptr.rs
View File

@ -2,8 +2,6 @@ use super::*;
use crate::cmp::Ordering::{self, Equal, Greater, Less}; use crate::cmp::Ordering::{self, Equal, Greater, Less};
use crate::intrinsics; use crate::intrinsics;
// ignore-tidy-undocumented-unsafe
#[lang = "mut_ptr"] #[lang = "mut_ptr"]
impl<T: ?Sized> *mut T { impl<T: ?Sized> *mut T {
/// Returns `true` if the pointer is null. /// Returns `true` if the pointer is null.
@ -208,6 +206,7 @@ impl<T: ?Sized> *mut T {
where where
T: Sized, T: Sized,
{ {
// SAFETY: the `arith_offset` intrinsic has no prerequisites to be called.
unsafe { intrinsics::arith_offset(self, count) as *mut T } unsafe { intrinsics::arith_offset(self, count) as *mut T }
} }
@ -890,6 +889,7 @@ impl<T: ?Sized> *mut T {
if !align.is_power_of_two() { if !align.is_power_of_two() {
panic!("align_offset: align is not a power-of-two"); panic!("align_offset: align is not a power-of-two");
} }
// SAFETY: `align` has been checked to be a power of 2 above
unsafe { align_offset(self, align) } unsafe { align_offset(self, align) }
} }
} }
@ -917,6 +917,8 @@ impl<T> *mut [T] {
#[unstable(feature = "slice_ptr_len", issue = "71146")] #[unstable(feature = "slice_ptr_len", issue = "71146")]
#[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")] #[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")]
pub const fn len(self) -> usize { pub const fn len(self) -> usize {
// SAFETY: this is safe because `*const [T]` and `FatPtr<T>` have the same layout.
// Only `std` can make this guarantee.
unsafe { Repr { rust_mut: self }.raw }.len unsafe { Repr { rust_mut: self }.raw }.len
} }
} }