diff options
| author | Ralf Jung <post@ralfj.de> | 2024-09-11 15:15:44 +0200 |
|---|---|---|
| committer | Ralf Jung <post@ralfj.de> | 2024-09-11 16:38:52 +0200 |
| commit | 58350799a184663845772417c07262dcbd52dfb5 (patch) | |
| tree | d842d023a264c3a9666da0355e4209474d0ae030 | |
| parent | a9fb00bfa4b3038c855b2097b54e05e8c198c183 (diff) | |
| download | rust-58350799a184663845772417c07262dcbd52dfb5.tar.gz rust-58350799a184663845772417c07262dcbd52dfb5.zip | |
ptr::add/sub: these are *not* equivalent to offset(count as isize)
| -rw-r--r-- | library/core/src/intrinsics.rs | 3 | ||||
| -rw-r--r-- | library/core/src/ptr/const_ptr.rs | 16 | ||||
| -rw-r--r-- | library/core/src/ptr/mut_ptr.rs | 16 |
3 files changed, 19 insertions, 16 deletions
diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs index 7870a62ea81..22fc9f72ec4 100644 --- a/library/core/src/intrinsics.rs +++ b/library/core/src/intrinsics.rs @@ -1425,8 +1425,7 @@ extern "rust-intrinsic" { /// /// If the computed offset is non-zero, then both the starting and resulting pointer must be /// either in bounds or at the end of an allocated object. If either pointer is out - /// of bounds or arithmetic overflow occurs then any further use of the returned value will - /// result in undefined behavior. + /// of bounds or arithmetic overflow occurs then this operation is undefined behavior. /// /// The stabilized version of this intrinsic is [`pointer::offset`]. #[must_use = "returns a new pointer rather than modifying its argument"] diff --git a/library/core/src/ptr/const_ptr.rs b/library/core/src/ptr/const_ptr.rs index 3b45d46b31d..3df24e0d512 100644 --- a/library/core/src/ptr/const_ptr.rs +++ b/library/core/src/ptr/const_ptr.rs @@ -346,7 +346,7 @@ impl<T: ?Sized> *const T { if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit<T>) }) } } - /// Adds an offset to a pointer. + /// Adds a signed offset to a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -355,7 +355,8 @@ impl<T: ?Sized> *const T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in @@ -807,7 +808,7 @@ impl<T: ?Sized> *const T { } } - /// Adds an offset to a pointer (convenience for `.offset(count as isize)`). + /// Adds an offset to a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -816,7 +817,8 @@ impl<T: ?Sized> *const T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in @@ -880,8 +882,7 @@ impl<T: ?Sized> *const T { unsafe { self.cast::<u8>().add(count).with_metadata_of(self) } } - /// Subtracts an offset from a pointer (convenience for - /// `.offset((count as isize).wrapping_neg())`). + /// Subtracts an offset from a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -890,7 +891,8 @@ impl<T: ?Sized> *const T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in diff --git a/library/core/src/ptr/mut_ptr.rs b/library/core/src/ptr/mut_ptr.rs index ddb9195d2e7..630983c8355 100644 --- a/library/core/src/ptr/mut_ptr.rs +++ b/library/core/src/ptr/mut_ptr.rs @@ -344,7 +344,7 @@ impl<T: ?Sized> *mut T { if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit<T>) }) } } - /// Adds an offset to a pointer. + /// Adds a signed offset to a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -353,7 +353,8 @@ impl<T: ?Sized> *mut T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in @@ -888,7 +889,7 @@ impl<T: ?Sized> *mut T { unsafe { (self as *const T).sub_ptr(origin) } } - /// Adds an offset to a pointer (convenience for `.offset(count as isize)`). + /// Adds an offset to a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -897,7 +898,8 @@ impl<T: ?Sized> *mut T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in @@ -961,8 +963,7 @@ impl<T: ?Sized> *mut T { unsafe { self.cast::<u8>().add(count).with_metadata_of(self) } } - /// Subtracts an offset from a pointer (convenience for - /// `.offset((count as isize).wrapping_neg())`). + /// Subtracts an offset from a pointer. /// /// `count` is in units of T; e.g., a `count` of 3 represents a pointer /// offset of `3 * size_of::<T>()` bytes. @@ -971,7 +972,8 @@ impl<T: ?Sized> *mut T { /// /// If any of the following conditions are violated, the result is Undefined Behavior: /// - /// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`. + /// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic), + /// must fit in an `isize`. /// /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some /// [allocated object], and the entire memory range between `self` and the result must be in |