| author | 许杰友 Jieyou Xu (Joe) <39484203+jieyouxu@users.noreply.github.com> | 2024-12-27 20:44:11 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-27 20:44:11 +0800 |
| commit | b9df3761896adf06e1d8bc6fe6eb766345f23da7 (patch) | |
| tree | 8309c7c79a155c252338d78ab0033b85235c7692 | |
| parent | 207ed1b18538b3bc77177b162ca8a05223e5e797 (diff) | |
| parent | 526d29865c3956ab0dcfba62df7a1933e1f1520d (diff) | |
| download | rust-b9df3761896adf06e1d8bc6fe6eb766345f23da7.tar.gz rust-b9df3761896adf06e1d8bc6fe6eb766345f23da7.zip | |
Rollup merge of #134606 - RalfJung:ptr-copy-docs, r=Mark-Simulacrum
ptr::copy: fix docs for the overlapping case Fixes https://github.com/rust-lang/unsafe-code-guidelines/issues/549 As discussed in that issue, it doesn't make any sense for `copy` to read a byte via `src` after it was already written via `dst`. The entire point of this method is that it copies correctly even if the ranges overlap, and that requires always reading any given location before writing it. Cc `@rust-lang/opsem`
| -rw-r--r-- | compiler/rustc_const_eval/src/interpret/memory.rs | 2 | ||||
| -rw-r--r-- | library/core/src/intrinsics/mod.rs | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/compiler/rustc_const_eval/src/interpret/memory.rs b/compiler/rustc_const_eval/src/interpret/memory.rs
index 027ba9644cb..0790db984e3 100644
--- a/compiler/rustc_const_eval/src/interpret/memory.rs
+++ b/compiler/rustc_const_eval/src/interpret/memory.rs
@@ -1359,6 +1359,8 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
 let src_alloc = self.get_alloc_raw(src_alloc_id)?;
 let src_range = alloc_range(src_offset, size);
 assert!(!self.memory.validation_in_progress, "we can't be copying during validation");
+ // For the overlapping case, it is crucial that we trigger the read hook
+ // before the write hook -- the aliasing model cares about the order.
 M::before_memory_read(
 tcx,
 &self.machine,
diff --git a/library/core/src/intrinsics/mod.rs b/library/core/src/intrinsics/mod.rs
index 42b8eb33a1a..5e523c554d9 100644
--- a/library/core/src/intrinsics/mod.rs
+++ b/library/core/src/intrinsics/mod.rs
@@ -4364,13 +4364,11 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
 ///
 /// Behavior is undefined if any of the following conditions are violated:
 ///
-/// * `src` must be [valid] for reads of `count * size_of::<T>()` bytes, and must remain valid even
-/// when `dst` is written for `count * size_of::<T>()` bytes. (This means if the memory ranges
-/// overlap, the two pointers must not be subject to aliasing restrictions relative to each
-/// other.)
+/// * `src` must be [valid] for reads of `count * size_of::<T>()` bytes.
 ///
 /// * `dst` must be [valid] for writes of `count * size_of::<T>()` bytes, and must remain valid even
-/// when `src` is read for `count * size_of::<T>()` bytes.
+/// when `src` is read for `count * size_of::<T>()` bytes. (This means if the memory ranges
+/// overlap, the `dst` pointer must not be invalidated by `src` reads.)
 ///
 /// * Both `src` and `dst` must be properly aligned.
 ///
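Review bot: The added comment records an ordering invariant (read hook before write hook) that nothing in the visible code enforces, and the matching write-hook call, like the rest of this method, lies outside the hunk. Since the `ptr::copy` contract in the sibling hunk now only requires `src` to be valid for reads and does not require it to survive the `dst` write, a later refactor that swaps these two hook calls would silently diverge from the documented semantics without any compile-time or runtime signal. I would tie the comment to that contract so the dependency is visible, e.g. `// Mirrors the documented contract of ptr::copy: src need not remain valid once dst has been written, so the read must be observed first.`, and I cannot tell from this diff whether a Miri regression test covers an overlapping copy where the `dst` write would invalidate `src` — if none exists, this commit is the place to add one.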
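Review bot: The new `src` bullet leaves the guarantee this commit is about implicit: a reader has to infer from the asymmetry with the `dst` bullet that `copy` reads every location before it writes it, which is the point the commit message spells out. I would state it positively in the doc comment, e.g. after the `src` bullet: `/// (In particular, `src` only needs to stay valid until the corresponding bytes have been written through `dst`; `copy` never reads a location after writing it.)`, so unsafe callers and the interpreter's hook ordering have one explicit sentence to agree on. Note that the hunk header names `copy_nonoverlapping`, while per the commit title these bullets presumably belong to the doc comment of `copy`, whose signature is outside the hunk; worth a quick check that the edit landed on the intended item.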
