mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rollup merge of #123932 - adamse:global-alloc-safety-preconds-positive, r=tgross35

Browse Source 
restate GlobalAlloc method safety preconditions in terms of what the caller has to do for greater clarity
This commit is contained in:
Matthias Krüger 2024-09-29 20:17:35 +02:00 committed by GitHub
commit 1d45203779
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
library/core/src/alloc/global.rs
View File

@ -124,8 +124,8 @@ pub unsafe trait GlobalAlloc {
/// ///
/// # Safety /// # Safety
/// ///
/// This function is unsafe because undefined behavior can result /// `layout` must have non-zero size. Attempting to allocate for a zero-sized `layout` may
/// if the caller does not ensure that `layout` has non-zero size. /// result in undefined behavior.
/// ///
/// (Extension subtraits might provide more specific bounds on /// (Extension subtraits might provide more specific bounds on
/// behavior, e.g., guarantee a sentinel address or a null pointer /// behavior, e.g., guarantee a sentinel address or a null pointer
@ -156,14 +156,14 @@ pub unsafe trait GlobalAlloc {
/// ///
/// # Safety /// # Safety
/// ///
/// This function is unsafe because undefined behavior can result /// The caller must ensure:
/// if the caller does not ensure all of the following:
/// ///
/// * `ptr` must denote a block of memory currently allocated via /// * `ptr` is a block of memory currently allocated via this allocator and,
/// this allocator,
/// ///
/// * `layout` must be the same layout that was used /// * `layout` is the same layout that was used to allocate that block of
/// to allocate that block of memory. /// memory.
///
/// Otherwise undefined behavior can result.
#[stable(feature = "global_alloc", since = "1.28.0")] #[stable(feature = "global_alloc", since = "1.28.0")]
unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout); unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout);
@ -172,7 +172,8 @@ pub unsafe trait GlobalAlloc {
/// ///
/// # Safety /// # Safety
/// ///
/// This function is unsafe for the same reasons that `alloc` is. /// The caller has to ensure that `layout` has non-zero size. Like `alloc`
/// zero sized `layout` can result in undefined behaviour.
/// However the allocated block of memory is guaranteed to be initialized. /// However the allocated block of memory is guaranteed to be initialized.
/// ///
/// # Errors /// # Errors
@ -220,20 +221,21 @@ pub unsafe trait GlobalAlloc {
/// ///
/// # Safety /// # Safety
/// ///
/// This function is unsafe because undefined behavior can result /// The caller must ensure that:
/// if the caller does not ensure all of the following:
/// ///
/// * `ptr` must be currently allocated via this allocator, /// * `ptr` is allocated via this allocator,
/// ///
/// * `layout` must be the same layout that was used /// * `layout` is the same layout that was used
/// to allocate that block of memory, /// to allocate that block of memory,
/// ///
/// * `new_size` must be greater than zero. /// * `new_size` is greater than zero.
/// ///
/// * `new_size`, when rounded up to the nearest multiple of `layout.align()`, /// * `new_size`, when rounded up to the nearest multiple of `layout.align()`,
/// must not overflow `isize` (i.e., the rounded value must be less than or /// does not overflow `isize` (i.e., the rounded value must be less than or
/// equal to `isize::MAX`). /// equal to `isize::MAX`).
/// ///
/// If these are not followed, undefined behaviour can result.
///
/// (Extension subtraits might provide more specific bounds on /// (Extension subtraits might provide more specific bounds on
/// behavior, e.g., guarantee a sentinel address or a null pointer /// behavior, e.g., guarantee a sentinel address or a null pointer
/// in response to a zero-size allocation request.) /// in response to a zero-size allocation request.)