| Age | Commit message (Collapse) | Author | Lines |
|---|
|
|
|
Only use read_unaligned in transmute_copy if necessary
I've noticed that this causes LLVM to generate poor code on targets that don't support unaligned memory accesses.
|
|
|
|
This adds a hint on `mem::replace`, "if you don't need the old value,
you can just assign the new value directly". This is in similar spirit
to the `must_use` on `ManuallyDrop::take`.
|
|
Allow calculating the layout behind a pointer
There was some discussion around allowing this previously.
This does make the requirement for raw pointers to have valid metadata exposed as part of the std API (as a safety invariant, not validity invariant), though I think this is not strictly necessarily required as of current. cc @rust-lang/wg-unsafe-code-guidelines
Naming is hard; I picked the best "obvious" name I could come up with.
If it's agreed that this is actually a desired API surface, I'll file a tracking issue and update the attributes.
|
|
Let align/size_of_of_val intrinsics work on ptrs
|
|
Co-Authored-By: lzutao <taolzu@gmail.com>
|
|
Co-Authored-By: Ralf Jung <post@ralfj.de>
|
|
As pointed out by Ralf Jung, dangling references and boxes are
undefined behavior as per
https://doc.rust-lang.org/reference/behavior-considered-undefined.html
and the Miri checker.
|
|
As discussed on reddit, this commit addresses two issues with the
documentation of `mem::forget()`:
* The documentation of `mem::forget()` can confuse the reader because of the
discrepancy between usage examples that show correct usage and the
accompanying text which speaks of the possibility of double-free. The
text that says "if the panic occurs before `mem::forget` was called"
refers to a variant of the second example that was never shown, modified
to use `mem::forget` instead of `ManuallyDrop`. Ideally the documentation
should show both variants, so it's clear what it's talking about.
Also, the double free could be fixed just by placing `mem::forget(v)`
before the construction of `s`. Since the lifetimes of `s` and `v`
wouldn't overlap, there would be no point where panic could cause a double
free. This could be mentioned, and contrasted against the more robust fix
of using `ManuallyDrop`.
* This sentence seems unjustified: "For some types, operations such as
passing ownership (to a funcion like `mem::forget`) requires them to
actually be fully owned right now [...]". Unlike C++, Rust has no move
constructors, its moves are (possibly elided) bitwise copies. Even if you
pass an invalid object to `mem::forget`, no harm should come to pass
because `mem::forget` consumes the object and exists solely to prevent
drop, so there no one left to observe the invalid state state.
|
|
implement zeroed and uninitialized with MaybeUninit
This is the second attempt of doing such a change (first PR: https://github.com/rust-lang/rust/pull/62150). The last change [got reverted](https://github.com/rust-lang/rust/pull/63343) because it [caused](https://github.com/rust-lang/rust/issues/62825) some [issues](https://github.com/rust-lang/rust/issues/52898#issuecomment-512182438) in [code that incorrectly used these functions](https://github.com/erlepereira/x11-rs/issues/99).
Since then, the [problematic code has been fixed](https://github.com/erlepereira/x11-rs/pull/101), and rustc [gained a lint](https://github.com/rust-lang/rust/pull/63346) that is able to detect many misuses of these functions statically and a [dynamic check that panics](https://github.com/rust-lang/rust/pull/66059) instead of causing UB for some incorrect uses.
Fixes https://github.com/rust-lang/rust/issues/62825
|
|
|
|
|
|
|
|
make `mem::discriminant` const
implements #69821, which could be used as a tracking issue for `const_discriminant`.
Should this be added to the meta tracking issue #57563?
@Lokathor
|
|
mem::zeroed/uninit: panic on types that do not permit zero-initialization
r? @eddyb @oli-obk
Cc https://github.com/rust-lang/rust/issues/62825
Also see [this summary comment](https://github.com/rust-lang/rust/pull/66059#issuecomment-586734747)
|
|
|
|
|
|
|
|
|
|
|
|
Suggested by @ametisf in https://github.com/rust-lang/rust/pull/65948#issuecomment-589988183
Co-Authored-By: Frantisek Fladung <fladufra@fel.cvut.cz>
|
|
|
|
Eg. mem::replace()
|
|
|
|
|
|
|
|
|
|
Require stable/unstable annotations for the constness of all stable fns with a const modifier
r? @RalfJung @Centril
Every `#[stable]` const fn now needs either a `#[rustc_const_unstable]` attribute or a `#[rustc_const_stable]` attribute. You can't silently stabilize the constness of a function anymore.
|
|
MaybeUninit::uninit().assume_init()
|
|
functions with a `const` modifier
|
|
Implement Debug for MaybeUninit
Precedent: `UnsafeCell` implements `Debug` even though it can't actually display the value. I noticed this omission while writing the following:
```
#[derive(Debug)]
pub struct SliceInitializer<'a, T> {
marker: PhantomData<&'a mut T>,
uninit: &'a mut [MaybeUninit<T>],
written: usize,
}
```
...which currently unergonomically fails to compile.
`UnsafeCell` does require `T: Debug`. Because of things like the above I think it'd be better to leave that requirement off. In fact, I'd also suggest removing that requirement for `UnsafeCell` too, which again I noticed in some low-level real world code.
|
|
This commit applies rustfmt with default settings to files in
src/libcore *that are not involved in any currently open PR* to minimize
merge conflicts. The list of files involved in open PRs was determined
by querying GitHub's GraphQL API with this script:
https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8
With the list of files from the script in `outstanding_files`, the
relevant commands were:
$ find src/libcore -name '*.rs' | xargs rustfmt --edition=2018
$ rg libcore outstanding_files | xargs git checkout --
Repeating this process several months apart should get us coverage of
most of the rest of libcore.
|
|
mem::forget docs: mention ManuallyDrop
Cc @SimonSapin @Centril
|
|
|
|
|
|
invalid_value lint: use diagnostic items
This adjusts the invalid_value lint to use diagnostic items.
@Centril @oli-obk For some reason, this fails to recognize `transmute` -- somehow the diagnostic item is not found. Any idea why?
r? @Centril
Cc https://github.com/rust-lang/rust/issues/66075
|
|
|
|
Add `MaybeUninit` methods `uninit_array`, `slice_get_ref`, `slice_get_mut`
Eventually these will hopefully become the idiomatic way to work with partially-initialized stack buffers.
All methods are unstable. Note that `uninit_array` takes a type-level `const usize` parameter, so it is blocked (at least in its current form) on const generics.
Example:
```rust
use std::mem::MaybeUninit;
let input = b"Foo";
let f = u8::to_ascii_uppercase;
let mut buffer: [MaybeUninit<u8>; 32] = MaybeUninit::uninit_array();
let vec;
let output = if let Some(buffer) = buffer.get_mut(..input.len()) {
buffer.iter_mut().zip(input).for_each(|(a, b)| { a.write(f(b)); });
unsafe { MaybeUninit::slice_get_ref(buffer) }
} else {
vec = input.iter().map(f).collect::<Vec<u8>>();
&vec
};
assert_eq!(output, b"FOO");
```
|
|
Precedent: UnsafeCell implements Debug even though it can't actually
display the value.
|
|
Have tidy ensure that we document all `unsafe` blocks in libcore
cc @rust-lang/libs
I documented a few and added ignore flags on the other files. We can incrementally document the files, but won't regress any files this way.
|
|
|
|
Co-Authored-By: Mazdak Farrokhzad <twingoow@gmail.com>
|
|
|
|
Improve uninit/zeroed lint
* Also warn when creating a raw pointer with a NULL vtable.
* Also identify `MaybeUninit::uninit().assume_init()` and `MaybeUninit::zeroed().assume_init()` as dangerous.
|
|
|
|
|
|
|
|
Co-Authored-By: Ralf Jung <post@ralfj.de>
|
|
|
