
Commit ea5570c

ecstatic-morse authored and RalfJung committed
Redefine range validity
Uses `x.offset(i)` must be valid for all `i` in `0..count`.
1 parent e40585f commit ea5570c

File tree

2 files changed

+27
-30
lines changed


src/libcore/intrinsics.rs

Lines changed: 21 additions & 22 deletions
Original file line number | Diff line number | Diff line change
@@ -976,17 +976,17 @@ extern "rust-intrinsic" {
976976
///
977977
/// Behavior is undefined if any of the following conditions are violated:
978978
///
979-
/// * Both `src` and `dst` must be [valid].
980-
///
981979
/// * Both `src` and `dst` must be properly aligned.
982980
///
983-
/// * `src.offset(count-1)` must be [valid]. In other words, the region of
984-
/// memory which begins at `src` and has a length of `count *
985-
/// size_of::<T>()` bytes must belong to a single, live allocation.
981+
/// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
982+
/// words, the region of memory which begins at `src` and has a length of
983+
/// `count * size_of::<T>()` bytes must belong to a single, live
984+
/// allocation.
986985
///
987-
/// * `dst.offset(count-1)` must be [valid]. In other words, the region of
988-
/// memory which begins at `dst` and has a length of `count *
989-
/// size_of::<T>()` bytes must belong to a single, live allocation.
986+
/// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
987+
/// words, the region of memory which begins at `dst` and has a length of
988+
/// `count * size_of::<T>()` bytes must belong to a single, live
989+
/// allocation.
990990
///
991991
/// * The two regions of memory must *not* overlap.
992992
///
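Review bot: the new quantifier silently changes the `count == 0` case. `0..count` is empty for a zero-length copy, so neither `src` nor `dst` needs to be [valid] any more, whereas the deleted bullet `/// * Both `src` and `dst` must be [valid].` required it unconditionally (for `count >= 1` the old bullet is just the `i == 0` instance of the new one, so dropping it is fine). This looks intended, since the old `src.offset(count-1)` wording was ill-formed for `count == 0`, but it should be stated rather than left to inference, e.g. `/// * If `count` is zero, `src` and `dst` need not be valid, but must still be properly aligned.` Also, `offset` takes an `isize` while `count` is a `usize`, so `i` in `0..count` has to be read as a non-negative `isize`; that is consistent with the existing `count * size_of::<T>()` sentence only when the byte length fits in an `isize`, which is worth saying once next to the [valid] definition.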
@@ -1064,17 +1064,17 @@ extern "rust-intrinsic" {
10641064
///
10651065
/// Behavior is undefined if any of the following conditions are violated:
10661066
///
1067-
/// * Both `src` and `dst` must be [valid].
1068-
///
10691067
/// * Both `src` and `dst` must be properly aligned.
10701068
///
1071-
/// * `src.offset(count-1)` must be [valid]. In other words, the region of
1072-
/// memory which begins at `src` and has a length of `count *
1073-
/// size_of::<T>()` bytes must belong to a single, live allocation.
1069+
/// * `src.offset(i)` must be [valid] for all `i` in `0..count`. In other
1070+
/// words, the region of memory which begins at `src` and has a length of
1071+
/// `count * size_of::<T>()` bytes must belong to a single, live
1072+
/// allocation.
10741073
///
1075-
/// * `dst.offset(count-1)` must be [valid]. In other words, the region of
1076-
/// memory which begins at `dst` and has a length of `count *
1077-
/// size_of::<T>()` bytes must belong to a single, live allocation.
1074+
/// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
1075+
/// words, the region of memory which begins at `dst` and has a length of
1076+
/// `count * size_of::<T>()` bytes must belong to a single, live
1077+
/// allocation.
10781078
///
10791079
/// Like [`read`], `copy` creates a bitwise copy of `T`, regardless of
10801080
/// whether `T` is [`Copy`]. If `T` is not [`Copy`], using both the values
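Review bot: the same `count == 0` remark as for the `copy_nonoverlapping` hunk above applies here, and keeping the two bullets word-for-word identical across both functions is the right call. One thing specific to `copy`: because the regions may overlap, the two "must belong to a single, live allocation" sentences are typically satisfied by `src` and `dst` ranges inside the same allocation, so repeating the paraphrase once per pointer adds length without adding a constraint. Consider folding the two `src`/`dst` bullets into one, e.g. `/// * `src.offset(i)` and `dst.offset(i)` must be [valid] for all `i` in `0..count`.` followed by a single "in other words" sentence covering both regions.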
@@ -1116,14 +1116,13 @@ extern "rust-intrinsic" {
11161116
///
11171117
/// Behavior is undefined if any of the following conditions are violated:
11181118
///
1119-
/// * `dst` must be [valid].
1120-
///
1121-
/// * `dst.offset(count-1)` must be [valid]. In other words, the region of
1122-
/// memory which begins at `dst` and has a length of `count *
1123-
/// size_of::<T>()` bytes must belong to a single, live allocation.
1124-
///
11251119
/// * `dst` must be properly aligned.
11261120
///
1121+
/// * `dst.offset(i)` must be [valid] for all `i` in `0..count`. In other
1122+
/// words, the region of memory which begins at `dst` and has a length of
1123+
/// `count * size_of::<T>()` bytes must belong to a single, live
1124+
/// allocation.
1125+
///
11271126
/// Additionally, the caller must ensure that writing `count *
11281127
/// size_of::<T>()` bytes to the given region of memory results in a valid
11291128
/// value of `T`. Creating an invalid value of `T` can result in undefined
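Review bot: moving the alignment bullet ahead of the range-validity bullet brings `write_bytes` in line with the `copy` and `copy_nonoverlapping` docs in the hunks above, which is good. Note that the deleted `/// * `dst` must be [valid].` line is only subsumed by the new bullet when `count >= 1`; for `count == 0` the documentation now permits a `dst` that is merely aligned, and the unchanged trailing sentence "the caller must ensure that writing `count * size_of::<T>()` bytes to the given region of memory results in a valid value of `T`" is then vacuous. A one-line remark that a zero `count` writes nothing and imposes no validity requirement on `dst` would make the reordered list self-contained.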

src/libcore/ptr.rs

Lines changed: 6 additions & 8 deletions
Original file line number | Diff line number | Diff line change
@@ -240,17 +240,15 @@ pub unsafe fn swap<T>(x: *mut T, y: *mut T) {
240240
///
241241
/// Behavior is undefined if any of the following conditions are violated:
242242
///
243-
/// * Both `x` and `y` must be [valid].
244-
///
245243
/// * Both `x` and `y` must be properly aligned.
246244
///
247-
/// * `x.offset(count-1)` must be [valid]. In other words, the region of memory
248-
/// which begins at `x` and has a length of `count * size_of::<T>()` bytes
249-
/// must belong to a single, live allocation.
245+
/// * `x.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
246+
/// the region of memory which begins at `x` and has a length of `count *
247+
/// size_of::<T>()` bytes must belong to a single, live allocation.
250248
///
251-
/// * `y.offset(count-1)` must be [valid]. In other words, the region of memory
252-
/// which begins at `y` and has a length of `count * size_of::<T>()` bytes
253-
/// must belong to a single, live allocation.
249+
/// * `y.offset(i)` must be [valid] for all `i` in `0..count`. In other words,
250+
/// the region of memory which begins at `y` and has a length of `count *
251+
/// size_of::<T>()` bytes must belong to a single, live allocation.
254252
///
255253
/// * The two regions of memory must *not* overlap.
256254
///
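Review bot: this is the fourth copy of the "`p.offset(i)` must be [valid] for all `i` in `0..count`" sentence across the two files, with only the pointer name changing. Since every occurrence links to the same [valid] definition, the range form (a pointer plus a `count` whose `count * size_of::<T>()` bytes lie in one live allocation, with the `count == 0` case spelled out) would be better defined once at the link target and referenced from each bullet, so that future edits do not have to touch `intrinsics.rs` and `ptr.rs` in lockstep. The retained `/// * The two regions of memory must *not* overlap.` bullet still reads correctly with the new definition of the regions, so no change is needed there.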
