| author | Frank Steffahn <frank.steffahn@stu.uni-kiel.de> | 2021-07-01 23:01:16 +0200 |
|---|---|---|
| committer | Frank Steffahn <frank.steffahn@stu.uni-kiel.de> | 2021-07-28 14:33:37 +0200 |
| commit | 6d9c0a16d9398b2eb24582f60f47affc119eb0af (patch) | |
| tree | 8c5d60576aff33a8314f67b2bb5eb89429d4a431 /library/alloc/src/vec | |
| parent | 89583e98e8b79c62ec70d791c9d4453decce1b5b (diff) | |
Documentation improvements
Diffstat (limited to 'library/alloc/src/vec')
| -rw-r--r-- | library/alloc/src/vec/source_iter_marker.rs | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/library/alloc/src/vec/source_iter_marker.rs b/library/alloc/src/vec/source_iter_marker.rs
index 4c06c044e1a..23a2e313c01 100644
--- a/library/alloc/src/vec/source_iter_marker.rs
+++ b/library/alloc/src/vec/source_iter_marker.rs
@@ -71,6 +71,18 @@ where
 // drop any remaining values at the tail of the source
 // but prevent drop of the allocation itself once IntoIter goes out of scope
 // if the drop panics then we also leak any elements collected into dst_buf
+ //
+ // FIXME: Since `SpecInPlaceCollect::collect_in_place` above might use
+ // `__iterator_get_unchecked` internally, this call might be operating on
+ // a `vec::IntoIter` with incorrect internal state regarding which elements
+ // have already been “consumed”. However, the `TrustedRandomIteratorNoCoerce`
+ // implementation of `vec::IntoIter` is only present if the `Vec` elements
+ // don’t have a destructor, so it doesn’t matter if elements are “dropped multiple times”
+ // in this case.
+ // This argument technically currently lacks justification from the `# Safety` docs for
+ // `SourceIter`/`InPlaceIterable` and/or `TrustedRandomAccess`, so it might be possible that
+ // someone could inadvertently create new library unsoundness
+ // involving this `.forget_allocation_drop_remaining()` call.
 src.forget_allocation_drop_remaining();
 let vec = unsafe { Vec::from_raw_parts(dst_buf, len, cap) };
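Review bot: The added FIXME names the trait `TrustedRandomIteratorNoCoerce`, while the doc comment added in the second hunk of this commit calls it `TrustedRandomAccessNoCoerce`; the FIXME should use the same name so a search for the trait finds this caveat. The argument that `src.forget_allocation_drop_remaining()` is harmless also depends on a bound on an impl that is not in this file, so anyone relaxing that bound gets no warning from here. A short comment on that impl would close the gap, for example `// in-place collect relies on this impl existing only for element types without a destructor`. The enclosing function starts and ends outside the hunk, so the `unsafe` block that follows could not be checked against its other preconditions.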
@@ -101,8 +113,11 @@ fn write_in_place_with_drop<T>(
 trait SpecInPlaceCollect<T, I>: Iterator<Item = T> {
 /// Collects an iterator (`self`) into the destination buffer (`dst`) and returns the number of items
 /// collected. `end` is the last writable element of the allocation and used for bounds checks.
- // FIXME: Clarify safety conditions. Iterator must not be coerced to a subtype
- // after this call due to potential use of [`TrustedRandomAccessNoCoerce`].
+ ///
+ /// This method is specialized and one of its implementations makes use of
+ /// `Iterator::__iterator_get_unchecked` calls with a `TrustedRandomAccessNoCoerce` bound
+ /// on `I` which means the caller of this method must take the safety conditions
+ /// of that trait into consideration.
 fn collect_in_place(&mut self, dst: *mut T, end: *const T) -> usize;
 } |
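Review bot: `collect_in_place` is still declared as a safe `fn`, although the new doc comment puts safety obligations on its caller and it takes the raw pointers `dst` and `end`. Nothing in the signature makes a caller acknowledge those obligations. The new text is also vaguer than the FIXME it replaces, which stated one condition outright. I would keep that condition under a conventional heading, `/// # Safety` followed by `/// The iterator must not be coerced to a subtype after this call.`, and consider `unsafe fn collect_in_place`. The implementations are outside this hunk, so how much they would need to change is not visible here.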
