diff options
| author | Scott McMurray <scottmcm@users.noreply.github.com> | 2018-12-15 16:33:23 -0800 |
|---|---|---|
| committer | Scott McMurray <scottmcm@users.noreply.github.com> | 2018-12-15 16:33:23 -0800 |
| commit | 08155314889e9c9b4cb0e35c117cc4ba93c29388 (patch) | |
| tree | 55f383c18e53e9826090a28c839238c67977174e /src | |
| parent | 7f9883d79e517741dd3531688d026b1fa4a2a0ad (diff) | |
| download | rust-08155314889e9c9b4cb0e35c117cc4ba93c29388.tar.gz rust-08155314889e9c9b4cb0e35c117cc4ba93c29388.zip | |
Add a note about why the unsafe is sound
Diffstat (limited to 'src')
| -rw-r--r-- | src/liballoc/collections/vec_deque.rs | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/liballoc/collections/vec_deque.rs b/src/liballoc/collections/vec_deque.rs index 954a1c8becf..5171ca254e4 100644 --- a/src/liballoc/collections/vec_deque.rs +++ b/src/liballoc/collections/vec_deque.rs @@ -2018,13 +2018,23 @@ impl<T> VecDeque<T> { } } + // Safety: the following two methods require that the rotation amount + // be less than half the length of the deque. + // + // `wrap_copy` requres that `min(x, cap() - x) + copy_len <= cap()`, + // but than `min` is never more than half the capacity, regardless of x, + // so it's sound to call here because we're calling with something + // less than half the length, which is never above half the capacity. + unsafe fn rotate_left_inner(&mut self, mid: usize) { + debug_assert!(mid * 2 <= self.len()); self.wrap_copy(self.head, self.tail, mid); self.head = self.wrap_add(self.head, mid); self.tail = self.wrap_add(self.tail, mid); } unsafe fn rotate_right_inner(&mut self, k: usize) { + debug_assert!(k * 2 <= self.len()); self.head = self.wrap_sub(self.head, k); self.tail = self.wrap_sub(self.tail, k); self.wrap_copy(self.tail, self.head, k); |