@@ -2158,7 +2158,7 @@ pub const fn validity_invariants_of<T>() -> &'static [Invariant] {
21582158 let invariants: & ' static [ u8 ] = validity_invariants_of :: < T > ( ) ;
21592159 let sz = invariants. len ( ) / core:: mem:: size_of :: < Invariant > ( ) ;
21602160
2161- // SAFETY: we know this is valid.
2161+ // SAFETY: we know this is valid because the intrinsic promises an aligned slice .
21622162 unsafe { core:: slice:: from_raw_parts ( invariants. as_ptr ( ) . cast ( ) , sz) }
21632163}
21642164
@@ -2428,17 +2428,21 @@ pub(crate) const unsafe fn assert_validity_of<T>(_: *const T) -> bool {
24282428/// Asserts that the value at `value` is valid at type T.
24292429/// Best effort, and is UB if the value is invalid.
24302430pub ( crate ) unsafe fn assert_validity_of < T > ( value : * const T ) -> bool {
2431+ // We have to do this, since we call assert_validity_of inside MaybeUninit::assume_init
2432+ // and if we had used ptr::read_unaligned, that would be a recursive call.
24312433 #[ repr( packed) ]
24322434 struct Unaligned < T > ( T ) ;
24332435
2434- // SAFETY:
2436+ // SAFETY: The pointer dereferences here are valid if `value` is valid.
2437+ // though TODO: introduce a new size for "pointer", since reading a pointer as an int *is* UB.
24352438 unsafe {
24362439 let invariants = validity_invariants_of :: < T > ( ) ;
24372440 for invariant in invariants {
24382441 let off = invariant. offset as usize ;
24392442 let start = invariant. start ;
24402443 let end = invariant. end ;
24412444
2445+ // TODO: Maybe replace this with an enum?
24422446 let ( value, max) : ( u128 , u128 ) = match invariant. size {
24432447 1 => ( ( * ( value. cast :: < u8 > ( ) . add ( off) ) ) . into ( ) , u8:: MAX . into ( ) ) ,
24442448 2 => (
0 commit comments