diff options
| author | Oliver Scherer <github35764891676564198441@oli-obk.de> | 2019-10-25 18:35:51 +0200 |
|---|---|---|
| committer | Oliver Scherer <github35764891676564198441@oli-obk.de> | 2019-11-06 11:04:42 +0100 |
| commit | e28287b32c40c44fb120c9a3a7eae6f82a7031fa (patch) | |
| tree | 7831e6cfc2ceefa50800c3468bb506629ec57805 | |
| parent | 34f7fcb862c4c53bc281af8be2542887a965deee (diff) | |
| download | rust-e28287b32c40c44fb120c9a3a7eae6f82a7031fa.tar.gz rust-e28287b32c40c44fb120c9a3a7eae6f82a7031fa.zip | |
The unsafety in `iter.rs` is already documented wonderfully
| -rw-r--r-- | src/libcore/array/iter.rs | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/libcore/array/iter.rs b/src/libcore/array/iter.rs index 11803238407..307e9b90ee2 100644 --- a/src/libcore/array/iter.rs +++ b/src/libcore/array/iter.rs @@ -51,7 +51,7 @@ where /// iterator (either via `IntoIterator` for arrays or via another way). #[unstable(feature = "array_value_iter", issue = "65798")] pub fn new(array: [T; N]) -> Self { - // The transmute here is actually safe. The docs of `MaybeUninit` + // SAFETY: The transmute here is actually safe. The docs of `MaybeUninit` // promise: // // > `MaybeUninit<T>` is guaranteed to have the same size and alignment @@ -84,10 +84,10 @@ where /// Returns an immutable slice of all elements that have not been yielded /// yet. fn as_slice(&self) -> &[T] { - // This transmute is safe. As mentioned in `new`, `MaybeUninit` retains + let slice = &self.data[self.alive.clone()]; + // SAFETY: This transmute is safe. As mentioned in `new`, `MaybeUninit` retains // the size and alignment of `T`. Furthermore, we know that all // elements within `alive` are properly initialized. - let slice = &self.data[self.alive.clone()]; unsafe { mem::transmute::<&[MaybeUninit<T>], &[T]>(slice) } @@ -117,7 +117,8 @@ where let idx = self.alive.start; self.alive.start += 1; - // Read the element from the array. This is safe: `idx` is an index + // Read the element from the array. + // SAFETY: This is safe: `idx` is an index // into the "alive" region of the array. Reading this element means // that `data[idx]` is regarded as dead now (i.e. do not touch). As // `idx` was the start of the alive-zone, the alive zone is now @@ -163,7 +164,8 @@ where // + 1]`. self.alive.end -= 1; - // Read the element from the array. This is safe: `alive.end` is an + // Read the element from the array. + // SAFETY: This is safe: `alive.end` is an // index into the "alive" region of the array. Compare the previous // comment that states that the alive region is // `data[alive.start..alive.end + 1]`. Reading this element means that @@ -226,6 +228,7 @@ where [T; N]: LengthAtMost32, { fn clone(&self) -> Self { + // SAFETY: each point of unsafety is documented inside the unsafe block unsafe { // This creates a new uninitialized array. Note that the `assume_init` // refers to the array, not the individual elements. And it is Ok if |