
Commit 02f9167

committed
Have tidy ensure that we document all unsafe blocks in libcore
1 parent e8b190a commit 02f9167


41 files changed

+137
-5
lines changed


41 files changed

+137
-5
lines changed

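--- a/src/libcore/alloc.rs
+++ b/src/libcore/alloc.rs
@@ -1,5 +1,7 @@
 //! Memory allocation APIs
 
+// ignore-tidy-undocumented-unsafe
+
 #![stable(feature = "alloc_module", since = "1.28.0")]
 
 use crate::cmp;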
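Review bot: The added `// ignore-tidy-undocumented-unsafe` line switches the new check off for the whole of `alloc.rs` rather than for one block, so every existing `unsafe` here stays unexplained and new ones can land without a `SAFETY` comment; `src/libcore/cell.rs` receives the same opt-out. These two modules are where a wrong assumption about layout or aliasing is most costly, so the exemption should be visibly temporary, for example `// FIXME: document the unsafe blocks in this file and remove ignore-tidy-undocumented-unsafe`. The tidy check itself is not visible on this part of the page, so whether it offers a narrower, per-block exemption is something to confirm.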

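--- a/src/libcore/any.rs
+++ b/src/libcore/any.rs
@@ -182,6 +182,7 @@ impl dyn Any {
 #[inline]
 pub fn downcast_ref<T: Any>(&self) -> Option<&T> {
 if self.is::<T>() {
+// SAFETY: just checked whether we are pointing to the correct type
 unsafe {
 Some(&*(self as *const dyn Any as *const T))
 }
@@ -217,6 +218,7 @@ impl dyn Any {
 #[inline]
 pub fn downcast_mut<T: Any>(&mut self) -> Option<&mut T> {
 if self.is::<T>() {
+// SAFETY: just checked whether we are pointing to the correct type
 unsafe {
 Some(&mut *(self as *mut dyn Any as *mut T))
 }
@@ -424,7 +426,11 @@ impl TypeId {
 #[rustc_const_unstable(feature="const_type_id")]
 pub const fn of<T: ?Sized + 'static>() -> TypeId {
 TypeId {
+#[cfg(boostrap_stdarch_ignore_this)]
+// SAFETY: going away soon
 t: unsafe { intrinsics::type_id::<T>() },
+#[cfg(not(boostrap_stdarch_ignore_this))]
+t: intrinsics::type_id::<T>(),
 }
 }
 }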
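Review bot: `// SAFETY: going away soon` in `TypeId::of` says when the block will disappear, not why it is sound, which is the one thing a `SAFETY` comment is supposed to record. The non-bootstrap arm calls `intrinsics::type_id::<T>()` without `unsafe`, which suggests the call has no preconditions and the `unsafe` only satisfies the bootstrap compiler's declaration; if that is right, write it down: `// SAFETY: type_id has no preconditions; unsafe is only needed while the bootstrap compiler declares it as an unsafe intrinsic`. The cfg name is spelled `boostrap_stdarch_ignore_this` in both arms, so it is worth confirming that this matches what the build system sets, because an unknown cfg silently selects the `not(...)` arm.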

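--- a/src/libcore/array/mod.rs
+++ b/src/libcore/array/mod.rs
@@ -156,6 +156,7 @@ where
 fn try_from(slice: &[T]) -> Result<&[T; N], TryFromSliceError> {
 if slice.len() == N {
 let ptr = slice.as_ptr() as *const [T; N];
+// SAFETY: ok because we just checked that the length fits
 unsafe { Ok(&*ptr) }
 } else {
 Err(TryFromSliceError(()))
@@ -173,6 +174,7 @@ where
 fn try_from(slice: &mut [T]) -> Result<&mut [T; N], TryFromSliceError> {
 if slice.len() == N {
 let ptr = slice.as_mut_ptr() as *mut [T; N];
+// SAFETY: ok because we just checked that the length fits
 unsafe { Ok(&mut *ptr) }
 } else {
 Err(TryFromSliceError(()))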
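Review bot: The `SAFETY` comment in both `try_from` impls says the length "fits", but the dereference of the `*const [T; N]` / `*mut [T; N]` cast is sound only because the length is exactly `N` and the pointer comes from a live slice. Naming those facts makes the comment checkable against the line above it: `// SAFETY: slice.len() == N, so ptr points to exactly N initialised, aligned Ts borrowed for the slice's lifetime`. Both impl headers start outside their hunks, so only the function bodies are reviewed here.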

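--- a/src/libcore/ascii.rs
+++ b/src/libcore/ascii.rs
@@ -135,6 +135,7 @@ impl FusedIterator for EscapeDefault {}
 #[stable(feature = "ascii_escape_display", since = "1.39.0")]
 impl fmt::Display for EscapeDefault {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+// SAFETY: ok because `escape_default` created only valid utf-8 data
 f.write_str(unsafe { from_utf8_unchecked(&self.data[self.range.clone()]) })
 }
 }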
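Review bot: The justification on `fmt` covers `self.data` as a whole, but the unchecked conversion is applied to the sub-slice `self.data[self.range.clone()]`, and a valid UTF-8 buffer cut at an arbitrary index is not necessarily valid UTF-8. What presumably makes this sound is that `escape_default` emits ASCII bytes only, so every sub-range is valid; `escape_default` is not in the hunk, so confirm that and state it: `// SAFETY: escape_default writes only ASCII bytes, so any sub-range of data is valid UTF-8`.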

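--- a/src/libcore/benches/ascii.rs
+++ b/src/libcore/benches/ascii.rs
@@ -118,6 +118,7 @@ benches! {
 }
 
 fn case07_fake_simd_u32(bytes: &mut [u8]) {
+// SAFETY: transmuting a sequence of `u8` to `u32` is always fine
 let (before, aligned, after) = unsafe {
 bytes.align_to_mut::<u32>()
 };
@@ -142,6 +143,7 @@ benches! {
 }
 
 fn case08_fake_simd_u64(bytes: &mut [u8]) {
+// SAFETY: transmuting a sequence of `u8` to `u64` is always fine
 let (before, aligned, after) = unsafe {
 bytes.align_to_mut::<u64>()
 };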

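--- a/src/libcore/cell.rs
+++ b/src/libcore/cell.rs
@@ -182,6 +182,8 @@
 //! ```
 //!
 
+// ignore-tidy-undocumented-unsafe
+
 #![stable(feature = "rust1", since = "1.0.0")]
 
 use crate::cmp::Ordering;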

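--- a/src/libcore/char/convert.rs
+++ b/src/libcore/char/convert.rs
@@ -224,6 +224,7 @@ impl TryFrom<u32> for char {
 if (i > MAX as u32) || (i >= 0xD800 && i <= 0xDFFF) {
 Err(CharTryFromError(()))
 } else {
+// SAFETY: checked that it's a legal unicode value
 Ok(unsafe { from_u32_unchecked(i) })
 }
 }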

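--- a/src/libcore/char/decode.rs
+++ b/src/libcore/char/decode.rs
@@ -87,7 +87,7 @@ impl<I: Iterator<Item = u16>> Iterator for DecodeUtf16<I> {
 };
 
 if u < 0xD800 || 0xDFFF < u {
-// not a surrogate
+// SAFETY: not a surrogate
 Some(Ok(unsafe { from_u32_unchecked(u as u32) }))
 } else if u >= 0xDC00 {
 // a trailing surrogate
@@ -107,6 +107,7 @@ impl<I: Iterator<Item = u16>> Iterator for DecodeUtf16<I> {
 
 // all ok, so lets decode it.
 let c = (((u - 0xD800) as u32) << 10 | (u2 - 0xDC00) as u32) + 0x1_0000;
+// SAFETY: we checked that it's a legal unicode value
 Some(Ok(unsafe { from_u32_unchecked(c) }))
 }
 }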

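--- a/src/libcore/char/methods.rs
+++ b/src/libcore/char/methods.rs
@@ -438,6 +438,7 @@ impl char {
 #[inline]
 pub fn encode_utf8(self, dst: &mut [u8]) -> &mut str {
 let code = self as u32;
+// SAFETY: each arm checks the size of the slice and only uses `get_unchecked` unsafe ops
 unsafe {
 let len = if code < MAX_ONE_B && !dst.is_empty() {
 *dst.get_unchecked_mut(0) = code as u8;
@@ -507,6 +508,7 @@ impl char {
 #[inline]
 pub fn encode_utf16(self, dst: &mut [u16]) -> &mut [u16] {
 let mut code = self as u32;
+// SAFETY: each arm checks whether there are enough bits to write into
 unsafe {
 if (code & 0xFFFF) == code && !dst.is_empty() {
 // The BMP falls through (assuming non-surrogate, as it should)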
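Review bot: The comment on `encode_utf8` says the block "only uses `get_unchecked` unsafe ops", but the function returns `&mut str`, so the part of the block below the hunk presumably also turns the written bytes into a `str` without validation. That step is justified by the bytes being a correct UTF-8 encoding of `self`, not by the length checks. The body continues outside the hunk, so confirm this and extend the comment, for example `// SAFETY: each arm checks dst.len() before its unchecked writes, and the bytes written are the UTF-8 encoding of self`. In `encode_utf16` the comment says "enough bits" where the visible check, `!dst.is_empty()`, is about `u16` elements.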

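--- a/src/libcore/ffi.rs
+++ b/src/libcore/ffi.rs
@@ -315,6 +315,7 @@ impl<'f> Clone for VaListImpl<'f> {
 #[inline]
 fn clone(&self) -> Self {
 let mut dest = crate::mem::MaybeUninit::uninit();
+// SAFETY: we write to the `MaybeUninit`, thus it is initialized and `assume_init` is legal
 unsafe {
 va_copy(dest.as_mut_ptr(), self);
 dest.assume_init()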
