diff options
| author | Markus Everling <markuseverling@gmail.com> | 2023-02-05 02:16:43 +0100 |
|---|---|---|
| committer | Markus Everling <markuseverling@gmail.com> | 2023-02-05 02:16:43 +0100 |
| commit | 1e114a88bde098d1c057161aa252fa75d5739592 (patch) | |
| tree | 6bcbfac98be60f65f8911ce0b929fe08a6966c7b | |
| parent | 8ca25b8e49ca3442a56029f59677dfaab5b6eaf5 (diff) | |
| download | rust-1e114a88bde098d1c057161aa252fa75d5739592.tar.gz rust-1e114a88bde098d1c057161aa252fa75d5739592.zip | |
Add `slice_ranges` safety comment
| -rw-r--r-- | library/alloc/src/collections/vec_deque/drain.rs | 9 | ||||
| -rw-r--r-- | library/alloc/src/collections/vec_deque/mod.rs | 8 |
2 files changed, 12 insertions, 5 deletions
diff --git a/library/alloc/src/collections/vec_deque/drain.rs b/library/alloc/src/collections/vec_deque/drain.rs index a102aaad452..99bd7902e69 100644 --- a/library/alloc/src/collections/vec_deque/drain.rs +++ b/library/alloc/src/collections/vec_deque/drain.rs @@ -62,11 +62,10 @@ impl<'a, T, A: Allocator> Drain<'a, T, A> { // We know that `self.idx + self.remaining <= deque.len <= usize::MAX`, so this won't overflow. let end = start + self.remaining; - // SAFETY: the range `start..end` lies strictly inside - // the range `0..deque.original_len`. Because of this, and because - // we haven't touched the elements inside this range yet, - // it's guaranteed that `a_range` and `b_range` represent valid ranges into - // the deques buffer. + // SAFETY: `start..end` represents the range of elements that + // haven't been drained yet, so they're all initialized, + // and `slice::range(start..end, end) == start..end`, + // so the preconditions for `slice_ranges` are met. let (a_range, b_range) = deque.slice_ranges(start..end, end); (deque.buffer_range(a_range), deque.buffer_range(b_range)) } diff --git a/library/alloc/src/collections/vec_deque/mod.rs b/library/alloc/src/collections/vec_deque/mod.rs index 6d3e784c8b7..813430ae615 100644 --- a/library/alloc/src/collections/vec_deque/mod.rs +++ b/library/alloc/src/collections/vec_deque/mod.rs @@ -1226,6 +1226,14 @@ impl<T, A: Allocator> VecDeque<T, A> { /// the given range. The `len` parameter should usually just be `self.len`; /// the reason it's passed explicitly is that if the deque is wrapped in /// a `Drain`, then `self.len` is not actually the length of the deque. + /// + /// # Safety + /// + /// This function is always safe to call. For the resulting ranges to be valid + /// ranges into the physical buffer, the caller must ensure that for all possible + /// values of `range` and `len`, the result of calling `slice::range(range, ..len)` + /// represents a valid range into the logical buffer, and that all elements + /// in that range are initialized. fn slice_ranges<R>(&self, range: R, len: usize) -> (Range<usize>, Range<usize>) where R: RangeBounds<usize>, |