From 571348bc3575aab5cb984746c3aa7d569746f5f4 Mon Sep 17 00:00:00 2001 From: binarycat Date: Wed, 24 Jul 2024 15:14:41 -0400 Subject: [PATCH 1/5] create a new section on pointer to reference conversion also start deduplicating the docs that are getting moved to this section. --- core/src/ptr/mod.rs | 24 ++++++++++++++++++++++++ core/src/ptr/mut_ptr.rs | 40 ++++------------------------------------ 2 files changed, 28 insertions(+), 36 deletions(-) diff --git a/core/src/ptr/mod.rs b/core/src/ptr/mod.rs index f2247e83ec5c5..683f1d57f2259 100644 --- a/core/src/ptr/mod.rs +++ b/core/src/ptr/mod.rs @@ -56,6 +56,30 @@ //! has size 0, i.e., even if memory is not actually touched. Consider using //! [`NonNull::dangling`] in such cases. //! +//! ## Pointer to reference conversion +//! When converting a pointer to a reference using `&*`, there are several +//! rules that must be followed: +//! * The pointer must be properly aligned. +//! +//! * It must be "dereferenceable" in the sense defined above +//! +//! * The pointer must point to an initialized instance of `T`. +//! +//! * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is +//! arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. +//! In particular, while this reference exists, the memory the pointer points to must +//! not get accessed (read or written) through any other pointer. +//! +//! If a pointer follows all of these rules, it is said to be +//! *convertable to a reference*. +//! +//! These apply even if the result is unused! +//! (The part about being initialized is not yet fully decided, but until +//! it is, the only safe approach is to ensure that they are indeed initialized.) +//! +//! An example of the implications of the above rules is that an expression such +//! as `unsafe { &*(0 as *const u8) }` is Immediate Undefined Behavior. +//! //! ## Allocated object //! //! An *allocated object* is a subset of program memory which is addressable diff --git a/core/src/ptr/mut_ptr.rs b/core/src/ptr/mut_ptr.rs index 904d6c62dcf1e..c88b356ec743c 100644 --- a/core/src/ptr/mut_ptr.rs +++ b/core/src/ptr/mut_ptr.rs @@ -247,24 +247,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -609,25 +592,10 @@ impl *mut T { /// /// # Safety /// - /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get accessed (read or written) through any other pointer. + /// When calling this method, you have to ensure that *either* + /// the pointer is null *or* + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety /// /// # Examples /// From 394c8640df015efd55a5cddb3fad5dfce5172d79 Mon Sep 17 00:00:00 2001 From: binarycat Date: Wed, 24 Jul 2024 16:36:33 -0400 Subject: [PATCH 2/5] remove duplicate explanations of the ptr to ref conversion rules --- core/src/ptr/const_ptr.rs | 54 +++-------------------------- core/src/ptr/mod.rs | 34 +++++++++++++----- core/src/ptr/mut_ptr.rs | 73 +++++---------------------------------- core/src/ptr/non_null.rs | 72 +++++++------------------------------- 4 files changed, 50 insertions(+), 183 deletions(-) diff --git a/core/src/ptr/const_ptr.rs b/core/src/ptr/const_ptr.rs index 3e7933e9eec86..8b9f7b57d0053 100644 --- a/core/src/ptr/const_ptr.rs +++ b/core/src/ptr/const_ptr.rs @@ -239,24 +239,7 @@ impl *const T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -302,24 +285,8 @@ impl *const T { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety + /// When calling this method, you have to ensure that + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -350,20 +317,7 @@ impl *const T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// - /// [the module documentation]: crate::ptr#safety + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// diff --git a/core/src/ptr/mod.rs b/core/src/ptr/mod.rs index 683f1d57f2259..591705a69fdee 100644 --- a/core/src/ptr/mod.rs +++ b/core/src/ptr/mod.rs @@ -57,21 +57,39 @@ //! [`NonNull::dangling`] in such cases. //! //! ## Pointer to reference conversion -//! When converting a pointer to a reference using `&*`, there are several -//! rules that must be followed: +//! When converting a pointer to a reference `&T` using `&*`, +//! there are several rules that must be followed: +//! //! * The pointer must be properly aligned. //! -//! * It must be "dereferenceable" in the sense defined above +// some microprocessors may use address 0 for an interrupt vector. +// users of these microprocessors must always read/write address 0 through +// a raw pointer, not a reference. +//! * It must be non-null. +//! +//! * It must be "dereferenceable" in the sense defined above. //! -//! * The pointer must point to an initialized instance of `T`. +//! * The pointer must point to a valid instance of `T`. +//! This means that the created reference can only refer to +//! uninitialized memory through careful use of `MaybeUninit`. //! -//! * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is -//! arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. -//! In particular, while this reference exists, the memory the pointer points to must -//! not get accessed (read or written) through any other pointer. +//! * You must enforce Rust's aliasing rules, since the lifetime of the +//! created reference is arbitrarily chosen, +//! and does not necessarily reflect the actual lifetime of the data. +//! In particular, while this reference exists, +//! the memory the pointer points to must +//! not get accessed (read or written) through any raw pointer, +//! except for data inside an `UnsafeCell` +// ^ previous documentation was somewhat unclear on if modifications through +// an UnsafeCell are safe even if they would seemingly violate the exclusivity +// of a mut ref. //! //! If a pointer follows all of these rules, it is said to be //! *convertable to a reference*. +// ^ we use this term instead of saying that the produced reference must +// be valid, as the validity of a reference is easily confused for the +// validity of the thing it refers to, and while the two concepts are +// closly related, they are not identical. //! //! These apply even if the result is unused! //! (The part about being initialized is not yet fully decided, but until diff --git a/core/src/ptr/mut_ptr.rs b/core/src/ptr/mut_ptr.rs index c88b356ec743c..fb393ffadd5cd 100644 --- a/core/src/ptr/mut_ptr.rs +++ b/core/src/ptr/mut_ptr.rs @@ -296,24 +296,7 @@ impl *mut T { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety + /// When calling this method, you have to ensure that the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -347,20 +330,9 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// - /// [the module documentation]: crate::ptr#safety + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// Note that because the created reference is to `MaybeUninit`, the + /// source pointer can point to uninitialized memory. /// /// # Examples /// @@ -594,7 +566,7 @@ impl *mut T { /// /// When calling this method, you have to ensure that *either* /// the pointer is null *or* - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// /// # Examples @@ -643,24 +615,8 @@ impl *mut T { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) - /// - /// [the module documentation]: crate::ptr#safety + /// When calling this method, you have to ensure that + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -695,20 +651,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get accessed (read or written) through any other pointer. - /// - /// This applies even if the result of this method is unused! - /// - /// [the module documentation]: crate::ptr#safety + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) #[inline] #[unstable(feature = "ptr_as_uninit", issue = "75402")] #[rustc_const_unstable(feature = "const_ptr_as_ref", issue = "91822")] diff --git a/core/src/ptr/non_null.rs b/core/src/ptr/non_null.rs index 796c85d0cacc7..1e1cf780c28f0 100644 --- a/core/src/ptr/non_null.rs +++ b/core/src/ptr/non_null.rs @@ -128,20 +128,10 @@ impl NonNull { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// - /// [the module documentation]: crate::ptr#safety + /// When calling this method, you have to ensure that + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// Note that because the created reference is to `MaybeUninit`, the + /// source pointer can point to uninitialized memory. #[inline] #[must_use] #[unstable(feature = "ptr_as_uninit", issue = "75402")] @@ -162,20 +152,10 @@ impl NonNull { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get accessed (read or written) through any other pointer. - /// - /// This applies even if the result of this method is unused! - /// - /// [the module documentation]: crate::ptr#safety + /// When calling this method, you have to ensure that + /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// Note that because the created reference is to `MaybeUninit`, the + /// source pointer can point to uninitialized memory. #[inline] #[must_use] #[unstable(feature = "ptr_as_uninit", issue = "75402")] @@ -361,22 +341,8 @@ impl NonNull { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get mutated (except inside `UnsafeCell`). - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) + /// When calling this method, you have to ensure that + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -412,22 +378,8 @@ impl NonNull { /// /// # Safety /// - /// When calling this method, you have to ensure that all of the following is true: - /// - /// * The pointer must be properly aligned. - /// - /// * It must be "dereferenceable" in the sense defined in [the module documentation]. - /// - /// * The pointer must point to an initialized instance of `T`. - /// - /// * You must enforce Rust's aliasing rules, since the returned lifetime `'a` is - /// arbitrarily chosen and does not necessarily reflect the actual lifetime of the data. - /// In particular, while this reference exists, the memory the pointer points to must - /// not get accessed (read or written) through any other pointer. - /// - /// This applies even if the result of this method is unused! - /// (The part about being initialized is not yet fully decided, but until - /// it is, the only safe approach is to ensure that they are indeed initialized.) + /// When calling this method, you have to ensure that + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// # Examples /// /// ``` From f26f981c731febd84f21dca6a439eaaf4e8d7cdb Mon Sep 17 00:00:00 2001 From: binarycat Date: Thu, 25 Jul 2024 11:53:07 -0400 Subject: [PATCH 3/5] clarify interactions with MaybeUninit and UnsafeCell --- core/src/ptr/mod.rs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/core/src/ptr/mod.rs b/core/src/ptr/mod.rs index 591705a69fdee..b2fb365d22745 100644 --- a/core/src/ptr/mod.rs +++ b/core/src/ptr/mod.rs @@ -69,9 +69,12 @@ //! //! * It must be "dereferenceable" in the sense defined above. //! -//! * The pointer must point to a valid instance of `T`. +//! * The pointer must point to a valid value of type `T`. //! This means that the created reference can only refer to -//! uninitialized memory through careful use of `MaybeUninit`. +//! uninitialized memory through careful use of `MaybeUninit`, +//! or if the uninitialized memory is entirly contained within +//! padding bytes, since +//! [padding has the same validity invariant as `MaybeUninit`][ucg-pad]. //! //! * You must enforce Rust's aliasing rules, since the lifetime of the //! created reference is arbitrarily chosen, @@ -79,10 +82,9 @@ //! In particular, while this reference exists, //! the memory the pointer points to must //! not get accessed (read or written) through any raw pointer, -//! except for data inside an `UnsafeCell` -// ^ previous documentation was somewhat unclear on if modifications through -// an UnsafeCell are safe even if they would seemingly violate the exclusivity -// of a mut ref. +//! except for data inside an `UnsafeCell`. +//! Note that aliased writes are always UB for mutable references, +//! even if they only modify `UnsafeCell` data. //! //! If a pointer follows all of these rules, it is said to be //! *convertable to a reference*. @@ -98,6 +100,8 @@ //! An example of the implications of the above rules is that an expression such //! as `unsafe { &*(0 as *const u8) }` is Immediate Undefined Behavior. //! +//! [ucgpad]: https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#padding +//! //! ## Allocated object //! //! An *allocated object* is a subset of program memory which is addressable From eae79872269600c622b2e924b7f0401685aaa304 Mon Sep 17 00:00:00 2001 From: binarycat Date: Thu, 22 Aug 2024 14:25:54 -0400 Subject: [PATCH 4/5] fix typos in new pointer conversion docs --- core/src/ptr/const_ptr.rs | 2 +- core/src/ptr/mod.rs | 2 +- core/src/ptr/mut_ptr.rs | 8 ++++---- core/src/ptr/non_null.rs | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/core/src/ptr/const_ptr.rs b/core/src/ptr/const_ptr.rs index 8b9f7b57d0053..d7eea937ef847 100644 --- a/core/src/ptr/const_ptr.rs +++ b/core/src/ptr/const_ptr.rs @@ -239,7 +239,7 @@ impl *const T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// diff --git a/core/src/ptr/mod.rs b/core/src/ptr/mod.rs index b2fb365d22745..a7d6602287b90 100644 --- a/core/src/ptr/mod.rs +++ b/core/src/ptr/mod.rs @@ -87,7 +87,7 @@ //! even if they only modify `UnsafeCell` data. //! //! If a pointer follows all of these rules, it is said to be -//! *convertable to a reference*. +//! *convertible to a reference*. // ^ we use this term instead of saying that the produced reference must // be valid, as the validity of a reference is easily confused for the // validity of the thing it refers to, and while the two concepts are diff --git a/core/src/ptr/mut_ptr.rs b/core/src/ptr/mut_ptr.rs index fb393ffadd5cd..d7bb18590ed5e 100644 --- a/core/src/ptr/mut_ptr.rs +++ b/core/src/ptr/mut_ptr.rs @@ -247,7 +247,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -296,7 +296,7 @@ impl *mut T { /// /// # Safety /// - /// When calling this method, you have to ensure that the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion) + /// When calling this method, you have to ensure that the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) /// /// # Examples /// @@ -330,7 +330,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// Note that because the created reference is to `MaybeUninit`, the /// source pointer can point to uninitialized memory. /// @@ -566,7 +566,7 @@ impl *mut T { /// /// When calling this method, you have to ensure that *either* /// the pointer is null *or* - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// /// # Examples diff --git a/core/src/ptr/non_null.rs b/core/src/ptr/non_null.rs index 1e1cf780c28f0..5d5d9d401a295 100644 --- a/core/src/ptr/non_null.rs +++ b/core/src/ptr/non_null.rs @@ -129,7 +129,7 @@ impl NonNull { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// Note that because the created reference is to `MaybeUninit`, the /// source pointer can point to uninitialized memory. #[inline] @@ -153,7 +153,7 @@ impl NonNull { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convirtible to a reference](crate::ptr#pointer-to-reference-conversion). + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// Note that because the created reference is to `MaybeUninit`, the /// source pointer can point to uninitialized memory. #[inline] From d1e21bdba8d4aec9810bff82992a04665768a74d Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Mon, 26 Aug 2024 12:36:58 -0700 Subject: [PATCH 5/5] Apply suggestions from code review --- core/src/ptr/const_ptr.rs | 4 ++-- core/src/ptr/mod.rs | 2 +- core/src/ptr/mut_ptr.rs | 8 ++++---- core/src/ptr/non_null.rs | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/core/src/ptr/const_ptr.rs b/core/src/ptr/const_ptr.rs index d7eea937ef847..77fb2e8abb9f0 100644 --- a/core/src/ptr/const_ptr.rs +++ b/core/src/ptr/const_ptr.rs @@ -286,7 +286,7 @@ impl *const T { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// @@ -317,7 +317,7 @@ impl *const T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// diff --git a/core/src/ptr/mod.rs b/core/src/ptr/mod.rs index a7d6602287b90..338659c46ed9c 100644 --- a/core/src/ptr/mod.rs +++ b/core/src/ptr/mod.rs @@ -72,7 +72,7 @@ //! * The pointer must point to a valid value of type `T`. //! This means that the created reference can only refer to //! uninitialized memory through careful use of `MaybeUninit`, -//! or if the uninitialized memory is entirly contained within +//! or if the uninitialized memory is entirely contained within //! padding bytes, since //! [padding has the same validity invariant as `MaybeUninit`][ucg-pad]. //! diff --git a/core/src/ptr/mut_ptr.rs b/core/src/ptr/mut_ptr.rs index d7bb18590ed5e..64ed5a98bce8e 100644 --- a/core/src/ptr/mut_ptr.rs +++ b/core/src/ptr/mut_ptr.rs @@ -247,7 +247,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// @@ -296,7 +296,7 @@ impl *mut T { /// /// # Safety /// - /// When calling this method, you have to ensure that the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// When calling this method, you have to ensure that the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// @@ -616,7 +616,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// @@ -651,7 +651,7 @@ impl *mut T { /// # Safety /// /// When calling this method, you have to ensure that *either* the pointer is null *or* - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). #[inline] #[unstable(feature = "ptr_as_uninit", issue = "75402")] #[rustc_const_unstable(feature = "const_ptr_as_ref", issue = "91822")] diff --git a/core/src/ptr/non_null.rs b/core/src/ptr/non_null.rs index 5d5d9d401a295..ee9f23d61c787 100644 --- a/core/src/ptr/non_null.rs +++ b/core/src/ptr/non_null.rs @@ -342,7 +342,7 @@ impl NonNull { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// /// # Examples /// @@ -379,7 +379,7 @@ impl NonNull { /// # Safety /// /// When calling this method, you have to ensure that - /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion) + /// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion). /// # Examples /// /// ```