| author | Dylan DPC <dylan.dpc@gmail.com> | 2020-05-01 23:16:36 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-01 23:16:36 +0200 |
| commit | 05b1991e76ff3e266c176f8b6c97d77fa7554cc2 (patch) | |
| tree | cf6cde1d0d60c8846144631eacc35cb3add8d0cf | |
| parent | 8aad12b87dfaf154ec3626dbb51659f213548ba5 (diff) | |
| parent | d61debac64af9d9f0c18db55fe66144941aa76c7 (diff) | |
Rollup merge of #71760 - LeSeulArtichaut:document-unsafety, r=Mark-Simulacrum
Document unsafety for `*const T` and `*mut T` Helps with #66219 r? @Mark-Simulacrum
| -rw-r--r-- | src/libcore/ptr/const_ptr.rs | 6 | ||||
| -rw-r--r-- | src/libcore/ptr/mut_ptr.rs | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/libcore/ptr/const_ptr.rs b/src/libcore/ptr/const_ptr.rs
index 35a0852bbf5..94ad77d1ec6 100644
--- a/src/libcore/ptr/const_ptr.rs
+++ b/src/libcore/ptr/const_ptr.rs
@@ -3,8 +3,6 @@ use crate::cmp::Ordering::{self, Equal, Greater, Less};
 use crate::intrinsics;
 use crate::mem;
 
-// ignore-tidy-undocumented-unsafe
-
 #[lang = "const_ptr"]
 impl<T: ?Sized> *const T {
 /// Returns `true` if the pointer is null.
@@ -215,6 +213,7 @@ impl<T: ?Sized> *const T {
 where
 T: Sized,
 {
+ // SAFETY: the `arith_offset` intrinsic has no prerequisites to be called.
 unsafe { intrinsics::arith_offset(self, count) }
 }
 
@@ -702,6 +701,7 @@ impl<T: ?Sized> *const T {
 if !align.is_power_of_two() {
 panic!("align_offset: align is not a power-of-two");
 }
+ // SAFETY: `align` has been checked to be a power of 2 above
 unsafe { align_offset(self, align) }
 }
 }
@@ -729,6 +729,8 @@ impl<T> *const [T] {
 #[unstable(feature = "slice_ptr_len", issue = "71146")]
 #[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")]
 pub const fn len(self) -> usize {
+ // SAFETY: this is safe because `*const [T]` and `FatPtr<T>` have the same layout.
+ // Only `std` can make this guarantee.
 unsafe { Repr { rust: self }.raw }.len
 }
 }
diff --git a/src/libcore/ptr/mut_ptr.rs b/src/libcore/ptr/mut_ptr.rs
index dbd92ce5fcc..cf9e20aa569 100644
--- a/src/libcore/ptr/mut_ptr.rs
+++ b/src/libcore/ptr/mut_ptr.rs
@@ -2,8 +2,6 @@ use super::*;
 use crate::cmp::Ordering::{self, Equal, Greater, Less};
 use crate::intrinsics;
 
-// ignore-tidy-undocumented-unsafe
-
 #[lang = "mut_ptr"]
 impl<T: ?Sized> *mut T {
 /// Returns `true` if the pointer is null.
@@ -208,6 +206,7 @@ impl<T: ?Sized> *mut T {
 where
 T: Sized,
 {
+ // SAFETY: the `arith_offset` intrinsic has no prerequisites to be called.
 unsafe { intrinsics::arith_offset(self, count) as *mut T }
 }
 
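Review bot: The SAFETY comment added before `intrinsics::arith_offset` in the `@@ -215,6 +213,7 @@` hunk of const_ptr.rs states that the intrinsic has no prerequisites but not which property makes the surrounding safe method sound; the same wording is added in the `@@ -208,6 +206,7 @@` hunk of mut_ptr.rs. Someone auditing the unsafe blocks is helped by seeing the property named, for example ``// SAFETY: `arith_offset` has no preconditions: it wraps on overflow and does not access memory,`` followed by ``// so the validity requirement falls on whoever later dereferences the result.`` The enclosing function's signature lies outside both hunks, so which method this is cannot be confirmed from here.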
@@ -890,6 +889,7 @@ impl<T: ?Sized> *mut T {
 if !align.is_power_of_two() {
 panic!("align_offset: align is not a power-of-two");
 }
+ // SAFETY: `align` has been checked to be a power of 2 above
 unsafe { align_offset(self, align) }
 }
 }
@@ -917,6 +917,8 @@ impl<T> *mut [T] {
 #[unstable(feature = "slice_ptr_len", issue = "71146")]
 #[rustc_const_unstable(feature = "const_slice_ptr_len", issue = "71146")]
 pub const fn len(self) -> usize {
+ // SAFETY: this is safe because `*const [T]` and `FatPtr<T>` have the same layout.
+ // Only `std` can make this guarantee.
 unsafe { Repr { rust_mut: self }.raw }.len
 }
 }
|
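Review bot: The SAFETY comment added to `len` in the `@@ -917,6 +917,8 @@` hunk of mut_ptr.rs names `*const [T]`, but this impl is for `*mut [T]` and the union is initialised through `rust_mut`, so the comment appears to have been copied from const_ptr.rs and justifies the wrong type. It should read ``// SAFETY: this is safe because `*mut [T]` and `FatPtr<T>` have the same layout.`` The soundness of the union read rests entirely on that layout claim, so the comment should name the type that is actually reinterpreted. `Repr` and `FatPtr` are defined outside the hunk, so the layout claim itself cannot be checked from here.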
