diff options
| author | Ralf Jung <post@ralfj.de> | 2024-08-29 16:06:20 +0200 |
|---|---|---|
| committer | Ralf Jung <post@ralfj.de> | 2024-08-29 16:06:20 +0200 |
| commit | 05ffd446a9b2d2c67c450bea4180eb4790939e07 (patch) | |
| tree | 066e202785d2d24b6b89f8a887ad186ffa21956b | |
| parent | 6cf068db566de080dfa7ed24a216ea3aed2b98ce (diff) | |
| download | rust-05ffd446a9b2d2c67c450bea4180eb4790939e07.tar.gz rust-05ffd446a9b2d2c67c450bea4180eb4790939e07.zip | |
Box validity: update for new zero-sized rules
| -rw-r--r-- | library/alloc/src/boxed.rs | 27 |
1 files changed, 12 insertions, 15 deletions
diff --git a/library/alloc/src/boxed.rs b/library/alloc/src/boxed.rs index 38b1766c174..b3a3cf1bbea 100644 --- a/library/alloc/src/boxed.rs +++ b/library/alloc/src/boxed.rs @@ -53,22 +53,19 @@ //! //! # Memory layout //! -//! For non-zero-sized values, a [`Box`] will use the [`Global`] allocator for -//! its allocation. It is valid to convert both ways between a [`Box`] and a -//! raw pointer allocated with the [`Global`] allocator, given that the -//! [`Layout`] used with the allocator is correct for the type. More precisely, -//! a `value: *mut T` that has been allocated with the [`Global`] allocator -//! with `Layout::for_value(&*value)` may be converted into a box using -//! [`Box::<T>::from_raw(value)`]. Conversely, the memory backing a `value: *mut -//! T` obtained from [`Box::<T>::into_raw`] may be deallocated using the -//! [`Global`] allocator with [`Layout::for_value(&*value)`]. +//! For non-zero-sized values, a [`Box`] will use the [`Global`] allocator for its allocation. It is +//! valid to convert both ways between a [`Box`] and a raw pointer allocated with the [`Global`] +//! allocator, given that the [`Layout`] used with the allocator is correct for the type and the raw +//! pointer points to a valid value of the right type. More precisely, a `value: *mut T` that has +//! been allocated with the [`Global`] allocator with `Layout::for_value(&*value)` may be converted +//! into a box using [`Box::<T>::from_raw(value)`]. Conversely, the memory backing a `value: *mut T` +//! obtained from [`Box::<T>::into_raw`] may be deallocated using the [`Global`] allocator with +//! [`Layout::for_value(&*value)`]. //! -//! For zero-sized values, the `Box` pointer still has to be [valid] for reads -//! and writes and sufficiently aligned. In particular, casting any aligned -//! non-zero integer literal to a raw pointer produces a valid pointer, but a -//! pointer pointing into previously allocated memory that since got freed is -//! not valid. The recommended way to build a Box to a ZST if `Box::new` cannot -//! be used is to use [`ptr::NonNull::dangling`]. +//! For zero-sized values, the `Box` pointer has to be non-null and sufficiently aligned. The +//! recommended way to build a Box to a ZST if `Box::new` cannot be used is to use +//! [`ptr::NonNull::dangling`]. Even for zero-sized types, the pointee type must be inhabited +//! to ensure that the Box points to a valid value of the given type. //! //! So long as `T: Sized`, a `Box<T>` is guaranteed to be represented //! as a single pointer and is also ABI-compatible with C pointers |