Added assert_unsafe_precondition! check for NonZeroXxx::from_mut_unchecked

2022-10-30 14:49:24 +08:00 · 2022-10-30 14:49:24 +08:00 · 3acb445f15
commit 3acb445f15
parent 4459be7bd5
1 changed files with 20 additions and 13 deletions
--- a/library/core/src/num/nonzero.rs
+++ b/library/core/src/num/nonzero.rs
@ -171,18 +171,6 @@ macro_rules! nonzero_integer {
                }
            }

-            /// Converts a primitive mutable reference to a non-zero mutable reference
-            /// if the referenced integer is not zero.
-            #[unstable(feature = "nonzero_from_mut", issue = "none")]
-            #[must_use]
-            #[inline]
-            pub fn from_mut(n: &mut $Int) -> Option<&mut Self> {
-                // SAFETY: Self is repr(transparent), and the value is non-zero.
-                // As long as the returned reference is alive,
-                // the user cannot `*n = 0` directly.
-                (*n != 0).then(|| unsafe { &mut *(n as *mut $Int as *mut Self) })
-            }
-
            /// Converts a primitive mutable reference to a non-zero mutable reference
            /// without checking whether the referenced value is non-zero.
            /// This results in undefined behavior if `*n` is zero.
@ -194,7 +182,26 @@ macro_rules! nonzero_integer {
            #[inline]
            pub unsafe fn from_mut_unchecked(n: &mut $Int) -> &mut Self {
                // SAFETY: Self is repr(transparent), and the value is assumed to be non-zero.
-                unsafe { &mut *(n as *mut $Int as *mut Self) }
+                unsafe {
+                    let n_alias = &mut *n;
+                    core::intrinsics::assert_unsafe_precondition!(
+                        concat!(stringify!($Ty), "::from_mut_unchecked requires the argument to dereference as non-zero"),
+                        (n_alias: &mut $Int) => *n_alias != 0
+                    );
+                    &mut *(n as *mut $Int as *mut Self)
+                }
+            }
+
+            /// Converts a primitive mutable reference to a non-zero mutable reference
+            /// if the referenced integer is not zero.
+            #[unstable(feature = "nonzero_from_mut", issue = "none")]
+            #[must_use]
+            #[inline]
+            pub fn from_mut(n: &mut $Int) -> Option<&mut Self> {
+                // SAFETY: Self is repr(transparent), and the value is non-zero.
+                // As long as the returned reference is alive,
+                // the user cannot `*n = 0` directly.
+                (*n != 0).then(|| unsafe { &mut *(n as *mut $Int as *mut Self) })
            }

            /// Returns the value as a primitive type.