note some safety concerns of raw-ptr-to-ref casts

Ralf Jung
2019-06-12 23:23:34 +02:00
parent 55cee44671
commit 00bae8774c

@@ -984,8 +984,17 @@ impl<T: ?Sized> *const T {
/// operation because the returned value could be pointing to invalid /// operation because the returned value could be pointing to invalid
/// memory. /// memory.
/// ///
/// When calling this method, you have to ensure that if the pointer is
/// non-NULL, then it is properly aligned, dereferencable (for the whole
/// size of `T`) and points to an initialized instance of `T`. This applies
/// even if the result of this method is unused!
/// (The part about being initialized is not yet fully decided, but until
/// it is, the only safe approach is to ensure that they are indeed initialized.)
///
/// Additionally, the lifetime `'a` returned is arbitrarily chosen and does /// Additionally, the lifetime `'a` returned is arbitrarily chosen and does
/// not necessarily reflect the actual lifetime of the data. /// not necessarily reflect the actual lifetime of the data. It is up to the
/// caller to ensure that for the duration of this lifetime, the memory this
/// pointer points to does not get written to outside of `UnsafeCell<U>`.
/// ///
/// # Examples /// # Examples
/// ///
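Review bot: `UnsafeCell<U>` in the added lifetime sentence names a type parameter `U` that is not declared anywhere in this doc comment or in the `impl<T: ?Sized> *const T` header, so a reader cannot tell what it refers to. Suggest something like "does not get written to (except inside `UnsafeCell`)". In the same added paragraph, "dereferencable" should be spelled "dereferenceable".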
@@ -1610,8 +1619,17 @@ impl<T: ?Sized> *mut T {
/// operation because the returned value could be pointing to invalid /// operation because the returned value could be pointing to invalid
/// memory. /// memory.
/// ///
/// When calling this method, you have to ensure that if the pointer is
/// non-NULL, then it is properly aligned, dereferencable (for the whole
/// size of `T`) and points to an initialized instance of `T`. This applies
/// even if the result of this method is unused!
/// (The part about being initialized is not yet fully decided, but until
/// it is, the only safe approach is to ensure that they are indeed initialized.)
///
/// Additionally, the lifetime `'a` returned is arbitrarily chosen and does /// Additionally, the lifetime `'a` returned is arbitrarily chosen and does
/// not necessarily reflect the actual lifetime of the data. /// not necessarily reflect the actual lifetime of the data. It is up to the
/// caller to ensure that for the duration of this lifetime, the memory this
/// pointer points to does not get written to outside of `UnsafeCell<U>`.
/// ///
/// # Examples /// # Examples
/// ///
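Review bot: in the added parenthetical, "ensure that they are indeed initialized" has no plural antecedent; the preceding sentence speaks of "the pointer" and "an initialized instance of `T`", so "ensure that the pointee is indeed initialized" would read unambiguously. This paragraph is word for word the one added under `impl<T: ?Sized> *const T`, so any wording change has to be made in both copies to keep them from drifting apart.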
@@ -1755,10 +1773,24 @@ impl<T: ?Sized> *mut T {
/// ///
/// # Safety /// # Safety
/// ///
/// As with `as_ref`, this is unsafe because it cannot verify the validity /// As with [`as_ref`], this is unsafe because it cannot verify the validity
/// of the returned pointer, nor can it ensure that the lifetime `'a` /// of the returned pointer, nor can it ensure that the lifetime `'a`
/// returned is indeed a valid lifetime for the contained data. /// returned is indeed a valid lifetime for the contained data.
/// ///
/// When calling this method, you have to ensure that if the pointer is
/// non-NULL, then it is properly aligned, dereferencable (for the whole
/// size of `T`) and points to an initialized instance of `T`. This applies
/// even if the result of this method is unused!
/// (The part about being initialized is not yet fully decided, but until
/// it is the only safe approach is to ensure that they are indeed initialized.)
///
/// Additionally, the lifetime `'a` returned is arbitrarily chosen and does
/// not necessarily reflect the actual lifetime of the data. It is up to the
/// caller to ensure that for the duration of this lifetime, the memory this
/// pointer points to does not get accessed through any other pointer.
///
/// [`as_ref`]: #method.as_ref
///
/// # Examples /// # Examples
/// ///
/// Basic usage: /// Basic usage:
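Review bot: the parenthetical in this hunk reads "until it is the only safe approach is to ensure ...", without the comma that the two earlier hunks have after "until it is", and without it the sentence parses wrongly; add the comma so all three copies match. Separately, the aliasing requirement here ("does not get accessed through any other pointer") is stricter than the "written to" wording used in the other two hunks, and a short clause saying that reads through other pointers are also ruled out would make clear the difference is intentional.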