mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the "Safety" heading instead of "Undefined Behavior"

Browse Source
This commit is contained in:
Dylan MacKenzie 2018-05-09 14:14:43 -07:00
parent d7209d5bab
commit e350ba48ed
2 changed files with 9 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/libcore/intrinsics.rs
View File

@ -971,12 +971,6 @@ extern "rust-intrinsic" {
///
/// # Safety
///
/// `copy_nonoverlapping` is unsafe because it dereferences a raw pointer.
/// The caller must ensure that `src` points to a valid sequence of type
/// `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * The region of memory which begins at `src` and has a length of
@ -986,17 +980,19 @@ extern "rust-intrinsic" {
/// `count * size_of::<T>()` bytes must be valid (but may or may not be
/// initialized).
///
/// * The two regions of memory must *not* overlap.
///
/// * `src` must be properly aligned.
///
/// * `dst` must be properly aligned.
///
/// * The two regions of memory must *not* overlap.
/// Additionally, if `T` is not [`Copy`], only the region at `src` *or* the
/// region at `dst` can be used or dropped after calling
/// `copy_nonoverlapping`. `copy_nonoverlapping` creates bitwise copies of
/// `T`, regardless of whether `T: Copy`, which can result in undefined
/// behavior if both copies are used.
///
/// Additionally, if `T` is not [`Copy`](../marker/trait.Copy.html), only
/// the region at `src` *or* the region at `dst` can be used or dropped
/// after calling `copy_nonoverlapping`. `copy_nonoverlapping` creates
/// bitwise copies of `T`, regardless of whether `T: Copy`, which can result
/// in undefined behavior if both copies are used.
/// [`Copy`]: ../marker/trait.Copy.html
///
/// # Examples
///
@ -1060,11 +1056,6 @@ extern "rust-intrinsic" {
///
/// # Safety
///
/// `copy` is unsafe because it dereferences a raw pointer. The caller must
/// ensure that `src` points to a valid sequence of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * The region of memory which begins at `src` and has a length of
@ -1112,11 +1103,6 @@ extern "rust-intrinsic" {
///
/// # Safety
///
/// `write_bytes` is unsafe because it dereferences a raw pointer. The
/// caller must ensure that the poiinter points to a valid value of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * The region of memory which begins at `dst` and has a length of

44
src/libcore/ptr.rs
View File

@ -54,11 +54,6 @@ pub use intrinsics::write_bytes;
///
/// # Safety
///
/// `drop_in_place` is unsafe because it dereferences a raw pointer. The caller
/// must ensure that the pointer points to a valid value of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `to_drop` must point to valid memory.
@ -153,11 +148,6 @@ pub const fn null_mut<T>() -> *mut T { 0 as *mut T }
///
/// # Safety
///
/// `swap` is unsafe because it dereferences a raw pointer. The caller must
/// ensure that both pointers point to valid values of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `x` and `y` must point to valid, initialized memory.
@ -307,14 +297,9 @@ unsafe fn swap_nonoverlapping_bytes(x: *mut u8, y: *mut u8, len: usize) {
/// operates on raw pointers instead of references. When references are
/// available, [`mem::replace`] should be preferred.
///
/// # Safety
///
/// `replace` is unsafe because it dereferences a raw pointer. The caller
/// must ensure that the pointer points to a valid value of type `T`.
///
/// [`mem::replace`]: ../mem/fn.replace.html
///
/// # Undefined Behavior
/// # Safety
///
/// Behavior is undefined if any of the following conditions are violated:
///
@ -350,11 +335,6 @@ pub unsafe fn replace<T>(dest: *mut T, mut src: T) -> T {
///
/// # Safety
///
/// `read` is unsafe because it dereferences a raw pointer. The caller
/// must ensure that the pointer points to a valid value of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `src` must point to valid, initialized memory.
@ -440,11 +420,6 @@ pub unsafe fn read<T>(src: *const T) -> T {
///
/// # Safety
///
/// `read_unaligned` is unsafe because it dereferences a raw pointer. The caller
/// must ensure that the pointer points to a valid value of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `src` must point to valid, initialized memory.
@ -523,10 +498,6 @@ pub unsafe fn read_unaligned<T>(src: *const T) -> T {
///
/// # Safety
///
/// `write` is unsafe because it dereferences a raw pointer.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `dst` must point to valid memory.
@ -600,10 +571,6 @@ pub unsafe fn write<T>(dst: *mut T, src: T) {
///
/// # Safety
///
/// `write_unaligned` is unsafe because it dereferences a raw pointer.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `dst` must point to valid memory.
@ -671,11 +638,6 @@ pub unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
///
/// # Safety
///
/// `read_volatile` is unsafe because it dereferences a raw pointer. The caller
/// must ensure that the pointer points to a valid value of type `T`.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `src` must point to valid, initialized memory.
@ -741,10 +703,6 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
///
/// # Safety
///
/// `write_volatile` is unsafe because it dereferences a raw pointer.
///
/// # Undefined Behavior
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `dst` must point to valid memory.