diff --git a/src/libcore/ptr/mod.rs b/src/libcore/ptr/mod.rs index 5a75730cf2bd4..526cdb2054cd0 100644 --- a/src/libcore/ptr/mod.rs +++ b/src/libcore/ptr/mod.rs @@ -65,8 +65,6 @@ //! [`write_volatile`]: ./fn.write_volatile.html //! [`NonNull::dangling`]: ./struct.NonNull.html#method.dangling -// ignore-tidy-undocumented-unsafe - #![stable(feature = "rust1", since = "1.0.0")] use crate::intrinsics; @@ -251,6 +249,7 @@ pub(crate) struct FatPtr { #[inline] #[unstable(feature = "slice_from_raw_parts", reason = "recently added", issue = "36925")] pub fn slice_from_raw_parts(data: *const T, len: usize) -> *const [T] { + // SAFETY: FatPtr.data and Repr.rust are both usize in the same location unsafe { Repr { raw: FatPtr { data, len } }.rust } } @@ -267,6 +266,7 @@ pub fn slice_from_raw_parts(data: *const T, len: usize) -> *const [T] { #[inline] #[unstable(feature = "slice_from_raw_parts", reason = "recently added", issue = "36925")] pub fn slice_from_raw_parts_mut(data: *mut T, len: usize) -> *mut [T] { + // SAFETY: FatPtr.data and Repr.rust_mut are both usize in the same location unsafe { Repr { raw: FatPtr { data, len } }.rust_mut } } @@ -1233,6 +1233,7 @@ impl *const T { #[stable(feature = "ptr_wrapping_offset", since = "1.16.0")] #[inline] pub fn wrapping_offset(self, count: isize) -> *const T where T: Sized { + // SAFETY: see documentation unsafe { intrinsics::arith_offset(self, count) } @@ -1723,6 +1724,7 @@ impl *const T { if !align.is_power_of_two() { panic!("align_offset: align is not a power-of-two"); } + // SAFETY: align is a power of two unsafe { align_offset(self, align) } @@ -1931,6 +1933,7 @@ impl *mut T { #[stable(feature = "ptr_wrapping_offset", since = "1.16.0")] #[inline] pub fn wrapping_offset(self, count: isize) -> *mut T where T: Sized { + // SAFETY: see documentation unsafe { intrinsics::arith_offset(self, count) as *mut T } @@ -2574,6 +2577,7 @@ impl *mut T { if !align.is_power_of_two() { panic!("align_offset: align is not a power-of-two"); } + // SAFETY: align is a power of two unsafe { align_offset(self, align) } diff --git a/src/libcore/ptr/non_null.rs b/src/libcore/ptr/non_null.rs index 7599991f0f15a..c6a9194c9c7f7 100644 --- a/src/libcore/ptr/non_null.rs +++ b/src/libcore/ptr/non_null.rs @@ -7,8 +7,6 @@ use crate::mem; use crate::ptr::Unique; use crate::cmp::Ordering; -// ignore-tidy-undocumented-unsafe - /// `*mut T` but non-zero and covariant. /// /// This is often the correct thing to use when building data structures using @@ -68,6 +66,7 @@ impl NonNull { #[stable(feature = "nonnull", since = "1.25.0")] #[inline] pub const fn dangling() -> Self { + // SAFETY: must not be dereferenced, but mem::align_of::() > 0 if T is sized unsafe { let ptr = mem::align_of::() as *mut T; NonNull::new_unchecked(ptr) @@ -92,6 +91,7 @@ impl NonNull { #[inline] pub fn new(ptr: *mut T) -> Option { if !ptr.is_null() { + // SAFETY: just checked that ptr > 0 Some(unsafe { Self::new_unchecked(ptr) }) } else { None @@ -131,6 +131,7 @@ impl NonNull { #[stable(feature = "nonnull_cast", since = "1.27.0")] #[inline] pub const fn cast(self) -> NonNull { + // SAFETY: self.pointer is non-null unsafe { NonNull::new_unchecked(self.as_ptr() as *mut U) } @@ -207,6 +208,7 @@ impl hash::Hash for NonNull { impl From> for NonNull { #[inline] fn from(unique: Unique) -> Self { + // SAFETY: Unique::as_ptr() can't be null unsafe { NonNull::new_unchecked(unique.as_ptr()) } } } @@ -215,6 +217,7 @@ impl From> for NonNull { impl From<&mut T> for NonNull { #[inline] fn from(reference: &mut T) -> Self { + // SAFETY: references can't be null unsafe { NonNull { pointer: reference as *mut T } } } } @@ -223,6 +226,7 @@ impl From<&mut T> for NonNull { impl From<&T> for NonNull { #[inline] fn from(reference: &T) -> Self { + // SAFETY: references can't be null unsafe { NonNull { pointer: reference as *const T } } } } diff --git a/src/libcore/ptr/unique.rs b/src/libcore/ptr/unique.rs index 11a3aed1ab41b..f496b73433ef3 100644 --- a/src/libcore/ptr/unique.rs +++ b/src/libcore/ptr/unique.rs @@ -5,8 +5,6 @@ use crate::marker::{PhantomData, Unsize}; use crate::mem; use crate::ptr::NonNull; -// ignore-tidy-undocumented-unsafe - /// A wrapper around a raw non-null `*mut T` that indicates that the possessor /// of this wrapper owns the referent. Useful for building abstractions like /// `Box`, `Vec`, `String`, and `HashMap`. @@ -71,6 +69,7 @@ impl Unique { // FIXME: rename to dangling() to match NonNull? #[inline] pub const fn empty() -> Self { + // SAFETY: must not be dereferenced, but mem::align_of::() > 0 if T is sized unsafe { Unique::new_unchecked(mem::align_of::() as *mut T) } @@ -93,6 +92,7 @@ impl Unique { #[inline] pub fn new(ptr: *mut T) -> Option { if !ptr.is_null() { + // SAFETY: just checked that ptr > 0 Some(unsafe { Unique { pointer: ptr as _, _marker: PhantomData } }) } else { None @@ -128,6 +128,7 @@ impl Unique { /// Casts to a pointer of another type. #[inline] pub const fn cast(self) -> Unique { + // SAFETY: self.pointer is non-null unsafe { Unique::new_unchecked(self.as_ptr() as *mut U) } @@ -169,6 +170,7 @@ impl fmt::Pointer for Unique { impl From<&mut T> for Unique { #[inline] fn from(reference: &mut T) -> Self { + // SAFETY: references can't be null unsafe { Unique { pointer: reference as *mut T, _marker: PhantomData } } } } @@ -177,6 +179,7 @@ impl From<&mut T> for Unique { impl From<&T> for Unique { #[inline] fn from(reference: &T) -> Self { + // SAFETY: references can't be null unsafe { Unique { pointer: reference as *const T, _marker: PhantomData } } } } @@ -185,6 +188,7 @@ impl From<&T> for Unique { impl From> for Unique { #[inline] fn from(p: NonNull) -> Self { + // SAFETY: NonNull::as_ptr() can't be null unsafe { Unique::new_unchecked(p.as_ptr()) } } }