| author | Hanif Bin Ariffin <hanif.ariffin.4326@gmail.com> | 2020-04-25 19:39:40 -0400 |
|---|---|---|
| committer | Hanif Bin Ariffin <hanif.ariffin.4326@gmail.com> | 2020-06-13 15:06:22 -0400 |
| commit | 9e8b42c02bfa348b024ad07652e860b125345acf (patch) | |
| tree | 5cf593b4a3513a5a09e3cdc9ea9c2acc1b8e947c | |
| parent | 7349f2c6a3a02885449c951852af4bc4a7678b8a (diff) | |
Added unsafety documentation to shift_tail
This is just the reverse of shift_head.
| -rw-r--r-- | src/libcore/slice/sort.rs | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/libcore/slice/sort.rs b/src/libcore/slice/sort.rs
index 3c14647f3c7..0177c5a9ffd 100644
--- a/src/libcore/slice/sort.rs
+++ b/src/libcore/slice/sort.rs
@@ -76,6 +76,20 @@ where
 F: FnMut(&T, &T) -> bool,
 {
 let len = v.len();
+ // SAFETY: As with shift_head, the unsafe operations below involves indexing without a bound check (`get_unchecked` and `get_unchecked_mut`)
+ // and copying memory (`ptr::copy_nonoverlapping`).
+ //
+ // a. Indexing:
+ // 1. We checked the size of the array to >=2.
+ // 2. All the indexing that we will do is always between {0 <= index < len-1} at most.
+ //
+ // b. Memory copying
+ // 1. We are obtaining pointers to references which are guaranteed to be valid.
+ // 2. They cannot overlap because we obtain pointers to difference indices of the slice.
+ // Namely, `i` and `i+1`.
+ // 3. FIXME: Guarantees that the elements are properly aligned?
+ //
+ // See comments below for further detail.
 unsafe {
 // If the last two elements are out-of-order...
 if len >= 2 && is_less(v.get_unchecked(len - 1), v.get_unchecked(len - 2)) { |
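Review bot: Item a.2 of the new SAFETY comment states the index range as `{0 <= index < len-1}`, but the last line of the hunk calls `v.get_unchecked(len - 1)`, so the documented invariant excludes an index the code actually uses. Since this comment is what an auditor checks the unchecked accesses against, it should give the real bound, for example `// 2. Every index used satisfies 0 <= index < len (the largest is len - 1).`. The FIXME in b.3 can be settled rather than left open: the pointers come from references into the slice, and references are always properly aligned, so `// 3. The pointers are derived from references, which are always properly aligned.` would do. It would also help to say that the `len >= 2` test guards the first unchecked reads only because `&&` short-circuits, and to fix "involves" and "difference indices". The body of shift_tail continues past the hunk, so the indices used by the rest of the block should be checked against the corrected range.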
