-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clarify comment in RawVec::into_box #70776
Conversation
r? @shepmaster (rust_highfive has picked a reviewer for you, use r? to override) |
That's a weird PR CI failure?
|
This comment has been minimized.
This comment has been minimized.
Yeah the failure was due to some other issue, don't worry @bors r+ rollup |
📌 Commit bbab6db36f738b26fec914b4ef3872ea8c6854ee has been approved by |
Currently,
|
@TimDiekmann Assume a In other words, I am rather confused by your statement. |
Oh, I mistakenly omitted that |
Actually fn from(slice: &[T]) -> Box<[T]> {
let len = slice.len();
let buf = RawVec::with_capacity(len);
unsafe {
ptr::copy_nonoverlapping(slice.as_ptr(), buf.ptr(), len);
buf.into_box(len).assume_init()
}
} It's also used for pub fn new_uninit_slice(len: usize) -> Box<[mem::MaybeUninit<T>]> {
unsafe { RawVec::with_capacity(len).into_box(len) }
} |
Yeah that makes so much more sense. :D |
src/liballoc/raw_vec.rs
Outdated
/// `shrink_to_fit(len)` must be called immediately prior to calling this function. | ||
/// In particular, this implies that `len` must be smaller than or equal to `self.capacity()` | ||
/// (but that is just a *necessary*, not a *sufficient*, condition). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, should I add that to the text, replacing the shrink_to_fit thing?
Yes, I think so. Maybe like this?
/// `shrink_to_fit(len)` must be called immediately prior to calling this function. | |
/// In particular, this implies that `len` must be smaller than or equal to `self.capacity()` | |
/// (but that is just a *necessary*, not a *sufficient*, condition). | |
/// * `len` must be greater than or equal to the capacity requested in the most previous call, and | |
/// * `len` must be less than or equal to `self.capacity()`. | |
/// | |
/// Note, that the requested capacity and `self.capacity()` may not be the same, as | |
/// an allocator may overallocate and return a greater memory block than requested. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The thing mentioned in the note was the reason why I added a len
parameter to the method by the way. It's also the reason why we don't have to special case the internal capacity field anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'll use that and edit some more!
"may not be the same" sounds like "must not be the same", so that is a bit confusing. Also, I think "most recent call" is the more common expression.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The thing mentioned in the note was the reason why I added a len parameter to the method by the way. It's also the reason why we don't have to special case the internal capacity field anymore.
So if I see it correctly, the difference between self.cap
and self.capacity()
only arises in case of mem::size_of::<T>() == 0
. And in that case the size of the Box
is zero anyway so it does not matter?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think your current wording of your latest commit is fine.
The unsafetyness is basically because len * mem::size_of::<T>()
is passed to AllocRef::dealloc
when dropping the Box
, this must be a valid call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but I don't understand why self.cap
vs self.capacity()
was important, and why it is not relevant any more?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand why self.cap vs self.capacity() was important, and why it is not relevant any more?
It was only important as calls to shrink_to_fit
have set self.cap
in any case, even for ZSTs. Calling into_box
then returned a boxed slice with the boxed.len() == self.cap
. As len
is now passed explicitly to into_box
, self.cap
isn't used here anymore.
So if I see it correctly, the difference between self.cap and self.capacity() only arises in case of mem::size_of::() == 0. And in that case the size of the Box is zero anyway so it does not matter?
Yes, that's correct. When using RawVec<ZST>
, AllocRef
is called with a layout.size() == 0
, and self.capacity()
always return usize::MAX
. Theoretically any length can be passed to into_box
here. However, the safety constraint is still a little bit more conservative. For example calling RawVec::<ZST>::with_capacity(10)
forbids calling into_box(5)
, but this would be well defined. Personally I'd keep the safety clause as mentioned above, because then ZSTs and none-ZSTs are exchangeable.
@bors r- |
This comment has been minimized.
This comment has been minimized.
I don't entirely understand this part, is that a concern for the edits we are planning here? |
No, the edits are fine. We should just keep in mind that the convenient API (like |
@bors r=Dylan-DPC,TimDiekmann |
📌 Commit 6cbe172 has been approved by |
Rollup of 5 pull requests Successful merges: - rust-lang#70558 (Fix some aliasing issues in Vec) - rust-lang#70760 (docs: make the description of Result::map_or more clear) - rust-lang#70769 (Miri: remove an outdated FIXME) - rust-lang#70776 (clarify comment in RawVec::into_box) - rust-lang#70806 (fix Miri assignment sanity check) Failed merges: r? @ghost
On first reading I almost thought "len <= cap" would be all that there is to check here. Expand the comment to clarify that that is not the case.