docs: be less harsh in wording for Vec::from_raw_parts

[duarten]

In particular, be clear that it is sound to specify memory not
originating from a previous Vec allocation. That is already suggested
in other parts of the documentation about zero-alloc conversions to Box<[T]>.

Incorporate a constraint from slice::from_raw_parts that was missing
but needs to be fulfilled, since a Vec can be converted into a slice.

Fixes #98780.

[rustbot]

Hey! It looks like you've submitted a new PR for the library teams!

If this PR contains changes to any rust-lang/rust public library APIs then please comment with @rustbot label +T-libs-api -T-libs to tag it appropriately. If this PR contains changes to any unstable APIs please edit the PR description to add a link to the relevant API Change Proposal or create one if you haven't already. If you're unsure where your change falls no worries, just leave it as is and the reviewer will take a look and make a decision to forward on if necessary.

Examples of T-libs-api changes:

• Stabilizing library features
• Introducing insta-stable changes such as new implementations of existing stable traits on existing stable types
• Introducing new or changing existing unstable library APIs (excluding permanently unstable features / features without a tracking issue)
• Changing public documentation in ways that create new stability guarantees
• Changing observable runtime behavior of library APIs

[rust-highfive]

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @joshtriplett (or someone else) soon.

Please see the contribution instructions for more information.

[5225225]

"ensure" here still sounds like it's a must.

I'd say something along the lines of "These requirements are always upheld by any ptr that has been allocated using a Vec<T>, but manual allocation is okay as long as the invariants are upheld."

That last bit might need some work, but if I read "ensure" in a doc, I read that as a "it is UB if this is not true".

[duarten]

Ah, good point, I'll reword.

[5225225]

Also, this looks like a t-libs-api issue

#99216 (comment)
Changing public documentation in ways that create new stability guarantees

[duarten]

Also, this looks like a t-libs-api issue

#99216 (comment)
Changing public documentation in ways that create new stability guarantees

Oh, I read that to be about feature stabilization.

[duarten]

@rustbot label +T-libs-api -T-libs

[5225225]

I'd split this into 2 lines, this is 2 different safety comments.

[5225225]

I think there's some stuff on Allocator docs about a layout "fitting" another layout. So you can allocate with size 16, get an allocation of size 24, and deallocate with any size inbetween.

Not sure if we should reflect that here. And it probably doesn't apply to Vec<T, Global> since that goes through GlobalAlloc.

[duarten]

I think it would be worth it to mention it here. Something like "capacity needs to fit the layout size that the pointer was allocated with."?

[the8472]

This should be Vec<T, A>

[5225225]

Probably also good to write some doctests showing how you'd do this.

extern crate alloc;

fn main() {
    use alloc::alloc::Layout;

    let layout = Layout::array::<u32>(16).expect("overflow cannot happen");

    let vec = unsafe {
        let alloc = alloc::alloc::alloc(layout).cast::<u32>();
        if alloc.is_null() {
            return;
        }

        alloc.write(1_000_000);

        Vec::from_raw_parts(alloc, 1, 16)
    };

    assert_eq!(vec, &[1_000_000]);
    assert_eq!(vec.capacity(), 16);
}

Something like this. I don't remember if alloc doctests get std, or if you have to write it as alloc::alloc::alloc, but that's fun to write :)

[duarten]

Examples added :)

[Hawk777]

Fixes GH-98780.

[joshtriplett]

@bors r+ rollup

[bors]

📌 Commit a85ee3e has been approved by joshtriplett

It is now in the queue for this repository.