| author | bors <bors@rust-lang.org> | 2025-09-13 23:02:12 +0000 |
|---|---|---|
| committer | bors <bors@rust-lang.org> | 2025-09-13 23:02:12 +0000 |
| commit | a015919e54c60b1b2bec7a98dec478cfc4a48f4e (patch) | |
| tree | 8a1fc4a0c27ec87edc0d0449bb4fa3dab130bab6 /library/core/src | |
| parent | 02c7b1a7ac1d739663878030510508372e46f254 (diff) | |
| parent | da1c27df16075d9ebb28a94cf9b400e89c476233 (diff) | |
Auto merge of #146526 - jhpratt:rollup-afb1dgo, r=jhpratt
Rollup of 8 pull requests Successful merges: - rust-lang/rust#113095 (Document `become` keyword) - rust-lang/rust#146159 (Some hygiene doc improvements) - rust-lang/rust#146171 (tidy: check that error messages don't start with a capitalized letter) - rust-lang/rust#146419 (Update the arm-* and aarch64-* platform docs.) - rust-lang/rust#146473 (Revert "Constify SystemTime methods") - rust-lang/rust#146506 (Fix small typo in check-cfg.md) - rust-lang/rust#146517 (fix Condvar::wait_timeout docs) - rust-lang/rust#146521 (document `core::ffi::VaArgSafe`) r? `@ghost` `@rustbot` modify labels: rollup
Diffstat (limited to 'library/core/src')
| -rw-r--r-- | library/core/src/ffi/va_list.rs | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/library/core/src/ffi/va_list.rs b/library/core/src/ffi/va_list.rs
index 88ad1197777..643bd95df84 100644
--- a/library/core/src/ffi/va_list.rs
+++ b/library/core/src/ffi/va_list.rs
@@ -202,18 +202,23 @@ mod sealed {
 impl<T> Sealed for *const T {}
 }
-/// Trait which permits the allowed types to be used with [`VaListImpl::arg`].
+/// Types that are valid to read using [`VaListImpl::arg`].
 ///
 /// # Safety
 ///
-/// This trait must only be implemented for types that C passes as varargs without implicit promotion.
+/// The standard library implements this trait for primitive types that are
+/// expected to have a variable argument application-binary interface (ABI) on all
+/// platforms.
 ///
-/// In C varargs, integers smaller than [`c_int`] and floats smaller than [`c_double`]
-/// are implicitly promoted to [`c_int`] and [`c_double`] respectively. Implementing this trait for
-/// types that are subject to this promotion rule is invalid.
+/// When C passes variable arguments, integers smaller than [`c_int`] and floats smaller
+/// than [`c_double`] are implicitly promoted to [`c_int`] and [`c_double`] respectively.
+/// Implementing this trait for types that are subject to this promotion rule is invalid.
 ///
 /// [`c_int`]: core::ffi::c_int
 /// [`c_double`]: core::ffi::c_double
+// We may unseal this trait in the future, but currently our `va_arg` implementations don't support
+// types with an alignment larger than 8, or with a non-scalar layout. Inline assembly can be used
+// to accept unsupported types in the meantime.
 pub unsafe trait VaArgSafe: sealed::Sealed {}
 // i8 and i16 are implicitly promoted to c_int in C, and cannot implement `VaArgSafe`.
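Review bot: The rewritten `# Safety` section on `VaArgSafe` still says that implementing the trait for promoted types is invalid, but the rendered docs never state that the trait is sealed, so they read as though downstream crates could add their own impls. The reason is given only in the added `//` comment, which rustdoc does not render. I would add a doc line such as `/// This trait is sealed: it cannot be implemented outside the standard library.` and keep the `//` comment for the implementation limits (alignment above 8, non-scalar layouts). That `sealed` is a private module is inferred from the `mod sealed {` context line; its declaration starts outside the hunk.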
@@ -233,7 +238,19 @@ unsafe impl<T> VaArgSafe for *mut T {}
 unsafe impl<T> VaArgSafe for *const T {}
 impl<'f> VaListImpl<'f> {
- /// Advance to the next arg.
+ /// Advance to and read the next variable argument.
+ ///
+ /// # Safety
+ ///
+ /// This function is only sound to call when the next variable argument:
+ ///
+ /// - has a type that is ABI-compatible with the type `T`
+ /// - has a value that is a properly initialized value of type `T`
+ ///
+ /// Calling this function with an incompatible type, an invalid value, or when there
+ /// are no more variable arguments, is unsound.
+ ///
+ /// [valid]: https://doc.rust-lang.org/nightly/nomicon/what-unsafe-does.html
 #[inline]
 pub unsafe fn arg<T: VaArgSafe>(&mut self) -> T {
 // SAFETY: the caller must uphold the safety contract for `va_arg`. |
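Review bot: The added link definition `/// [valid]: https://doc.rust-lang.org/nightly/nomicon/what-unsafe-does.html` is never referenced in the new doc text for `arg`, so the rendered page carries no link to the validity rules. Either use it in the second bullet, for example `/// - has a [valid] value of that type`, or drop the definition. The closing sentence says a bad call "is unsound"; for a caller-side contract the consequence is undefined behavior, and this is the only place a caller learns that a mismatched type or reading past the last argument is a memory-safety violation, so I would end it with `/// are no more variable arguments, is undefined behavior.`. The body of `arg` continues outside the hunk.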
