Fix missing safety in {ptr,NonNull}::as_mut #138919

81 changes: 53 additions & 28 deletions library/core/src/ptr/mut_ptr.rs
@@ -233,25 +233,30 @@ impl<T: ?Sized> *mut T {
}

/// Returns `None` if the pointer is null, or else returns a shared reference to
/// the value wrapped in `Some`. If the value may be uninitialized, [`as_uninit_ref`]
/// must be used instead.
/// the value wrapped in `Some`.
///
/// For the mutable counterpart see [`as_mut`].
///
/// [`as_uninit_ref`]: pointer#method.as_uninit_ref-1
/// [`as_mut`]: #method.as_mut
///
/// # Safety
///
/// When calling this method, you have to ensure that *either* the pointer is null *or*
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * *Either* the pointer is null *or* the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * The value of memory pointed by the ptr must be initialized. If not, [`as_uninit_ref`] must be used instead.
///
/// * Note that after obtaining the reference, the original pointer must not
/// be mutated until the reference's lifetime ends (except inside `UnsafeCell`).
///
/// # Panics during const evaluation
///
/// This method will panic during const evaluation if the pointer cannot be
/// determined to be null or not. See [`is_null`] for more information.
///
/// [`is_null`]: #method.is_null-1
/// [`as_uninit_ref`]: pointer#method.as_uninit_ref-1
///
/// # Examples
///
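Review bot: the aliasing bullet names the wrong object. "the original pointer must not be mutated" reads as if the pointer value were the concern, when it is the pointee, and the restriction covers every other pointer or reference to that memory, not only `self`. Suggest: "While the returned reference lives, the memory it points to must not be mutated through any pointer or reference (except inside `UnsafeCell`)." The initialization bullet is also ungrammatical and folds advice into a precondition: "The value of memory pointed by the ptr must be initialized. If not, [`as_uninit_ref`] must be used instead." should read "The memory the pointer points to must be initialized; if it may not be, use [`as_uninit_ref`] instead." Finally, the `[`as_uninit_ref`]` link definition now sits after `[`is_null`]` under "Panics during const evaluation" while `[`as_mut`]` stays with the description; keep the reference definitions together.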
@@ -289,18 +294,25 @@ impl<T: ?Sized> *mut T {
}

/// Returns a shared reference to the value behind the pointer.
/// If the pointer may be null or the value may be uninitialized, [`as_uninit_ref`] must be used instead.
/// If the pointer may be null, but the value is known to have been initialized, [`as_ref`] must be used instead.
///
/// For the mutable counterpart see [`as_mut_unchecked`].
///
/// [`as_ref`]: #method.as_ref
/// [`as_uninit_ref`]: #method.as_uninit_ref
/// [`as_mut_unchecked`]: #method.as_mut_unchecked
///
/// # Safety
///
/// When calling this method, you have to ensure that the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * If the pointer may be null or the value may be uninitialized, [`as_uninit_ref`] must be used instead.
/// If the pointer may be null, but the value is known to have been initialized, [`as_ref`] must be used instead.
///
/// * Note that after obtaining the reference, the original pointer must not
/// be mutated until the reference's lifetime ends (except inside `UnsafeCell`).
///
/// [`as_ref`]: #method.as_ref
/// [`as_uninit_ref`]: #method.as_uninit_ref
///
/// # Examples
///
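Review bot: the bullet beginning "If the pointer may be null or the value may be uninitialized, [`as_uninit_ref`] must be used instead" is method-selection guidance, not something a caller can "ensure", so it reads oddly under "you have to ensure that:" and simply relocates the two sentences deleted from the description. Either leave them in the description, or restate them as the actual preconditions this method adds over `as_ref`: the pointer must be non-null and the pointee initialized, naming `as_ref` and `as_uninit_ref` as the alternatives afterwards. Also, the `[`as_ref`]` and `[`as_uninit_ref`]` link definitions were moved below the Safety list while `[`as_mut_unchecked`]` remains above it; keep the three definitions in one block.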
@@ -332,10 +344,10 @@ impl<T: ?Sized> *mut T {
///
/// # Safety
///
/// When calling this method, you have to ensure that *either* the pointer is null *or*
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// Note that because the created reference is to `MaybeUninit<T>`, the
/// source pointer can point to uninitialized memory.
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * Note that after obtaining the reference, the original pointer must not
/// be mutated until the reference's lifetime ends (except inside `UnsafeCell`).
///
/// # Panics during const evaluation
///
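Review bot: the rewritten precondition is stricter than the method's contract. The removed text allowed "*either* the pointer is null *or*" convertible to a reference, and the "Panics during const evaluation" section kept directly below shows this method still null-checks and returns `None`; the new first bullet demands convertibility unconditionally, so a caller passing a null pointer would now appear to violate the documented safety contract. The deleted sentence "because the created reference is to `MaybeUninit<T>`, the source pointer can point to uninitialized memory" was also the only statement that the pointee may be uninitialized here, which is the reason this method exists next to `as_ref`. Restore both: "*Either* the pointer is null *or* the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion)." as the first bullet, and keep the `MaybeUninit` remark as a bullet of its own.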
@@ -593,19 +605,22 @@ impl<T: ?Sized> *mut T {
}

/// Returns `None` if the pointer is null, or else returns a unique reference to
/// the value wrapped in `Some`. If the value may be uninitialized, [`as_uninit_mut`]
/// must be used instead.
/// the value wrapped in `Some`.
///
/// For the shared counterpart see [`as_ref`].
///
/// [`as_uninit_mut`]: #method.as_uninit_mut
/// [`as_ref`]: pointer#method.as_ref-1
///
/// # Safety
///
/// When calling this method, you have to ensure that *either*
/// the pointer is null *or*
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * *Either* the pointer is null *or* the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * The value of memory pointed by the ptr must be initialized. If not, [`as_uninit_mut`] must be used instead.
///
/// * Note that after obtaining the mutable reference, the original pointer
/// must not be used to access the data until the reference's lifetime ends.
///
/// # Panics during const evaluation
///
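Review bot: the aliasing bullet understates the rule. While the returned `&mut` lives, the memory must not be read or written through any pointer or reference not derived from it; "the original pointer must not be used" leaves a copy of `self` made before the call, or any other alias, apparently permitted. Suggest: "While the returned reference lives, the memory it points to must not be accessed through any pointer or reference not derived from it." The initialization bullet has the same grammar problem as in `as_ref`: "The value of memory pointed by the ptr must be initialized" should be "The memory the pointer points to must be initialized; if it may not be, use [`as_uninit_mut`] instead."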
Expand All @@ -614,6 +629,8 @@ impl<T: ?Sized> *mut T {
///
/// [`is_null`]: #method.is_null-1
///
/// [`as_uninit_mut`]: #method.as_uninit_mut
///
/// # Examples
///
/// ```
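Review bot: the `[`as_uninit_mut`]` link definition is added after `[`is_null`]` inside the "Panics during const evaluation" section, separated from it by a blank `///` line, while this method's other definition (`[`as_ref`]`) stays with the description above "# Safety". Put it next to `[`as_ref`]` so the reference definitions stay in one place and the blank-line pattern between definitions is not needed.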
@@ -649,19 +666,25 @@ impl<T: ?Sized> *mut T {
}

/// Returns a unique reference to the value behind the pointer.
/// If the pointer may be null or the value may be uninitialized, [`as_uninit_mut`] must be used instead.
/// If the pointer may be null, but the value is known to have been initialized, [`as_mut`] must be used instead.
///
/// For the shared counterpart see [`as_ref_unchecked`].
///
/// [`as_mut`]: #method.as_mut
/// [`as_uninit_mut`]: #method.as_uninit_mut
/// [`as_ref_unchecked`]: #method.as_mut_unchecked
///
/// # Safety
///
/// When calling this method, you have to ensure that
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * If the pointer may be null or the value may be uninitialized, [`as_uninit_mut`] must be used instead.
/// If the pointer may be null, but the value is known to have been initialized, [`as_mut`] must be used instead.
///
/// * Note that after obtaining the mutable reference, the original pointer
/// must not be used to access the data until the reference's lifetime ends.
///
/// [`as_mut`]: #method.as_mut
/// [`as_uninit_mut`]: #method.as_uninit_mut
///
/// # Examples
///
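Review bot: same concern as for `as_ref_unchecked`: "If the pointer may be null or the value may be uninitialized, [`as_uninit_mut`] must be used instead" is guidance on which method to call, not a condition to ensure, and it only moves the sentences deleted from the description into the Safety list. Restate it as the preconditions (non-null pointer, initialized pointee) with the alternatives named after, or keep it in the description. Since this hunk already touches the link block, also fix the pre-existing context line "[`as_ref_unchecked`]: #method.as_mut_unchecked": the shared-counterpart link points at the wrong anchor and should be `#method.as_ref_unchecked`.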
@@ -694,8 +717,10 @@ impl<T: ?Sized> *mut T {
///
/// # Safety
///
/// When calling this method, you have to ensure that *either* the pointer is null *or*
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * Note that after obtaining the mutable reference, the original pointer must not
/// be used to access the data until the reference's lifetime ends.
///
/// # Panics during const evaluation
///
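Review bot: the null alternative is dropped here as it was for `as_uninit_ref`. The removed lines read "*either* the pointer is null *or* the pointer is [convertible to a reference]", and the "Panics during const evaluation" section that follows shows the method still performs a null check and returns `None`; the new first bullet requires convertibility unconditionally, which documents a stricter contract than the code implements. Restore "*Either* the pointer is null *or* ..." and keep a bullet saying that the pointee may be uninitialized because the reference is to `MaybeUninit<T>`, since that sentence was removed along with it.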
51 changes: 33 additions & 18 deletions library/core/src/ptr/non_null.rs
@@ -152,10 +152,11 @@ impl<T: Sized> NonNull<T> {
///
/// # Safety
///
/// When calling this method, you have to ensure that
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// Note that because the created reference is to `MaybeUninit<T>`, the
/// source pointer can point to uninitialized memory.
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * Note that after obtaining the reference, the original pointer must not
/// be mutated until the reference's lifetime ends (except inside `UnsafeCell`).
///
#[inline]
#[must_use]
#[unstable(feature = "ptr_as_uninit", issue = "75402")]
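Review bot: the deleted sentence "Note that because the created reference is to `MaybeUninit<T>`, the source pointer can point to uninitialized memory" is the one statement that distinguishes this method from `NonNull::as_ref`, and nothing in the new bullet list replaces it; a reader following only the "convertible to a reference" link is left to assume the pointee must be an initialized `T`. Keep it as a bullet next to the aliasing note.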
@@ -175,10 +176,11 @@ impl<T: Sized> NonNull<T> {
///
/// # Safety
///
/// When calling this method, you have to ensure that
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// Note that because the created reference is to `MaybeUninit<T>`, the
/// source pointer can point to uninitialized memory.
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * Note that after obtaining the mutable reference, the original pointer must not
/// be used to access the data until the reference's lifetime ends.
///
#[inline]
#[must_use]
#[unstable(feature = "ptr_as_uninit", issue = "75402")]
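Review bot: as with `as_uninit_ref` above, the `MaybeUninit<T>` sentence should stay: without it the Safety list for `as_uninit_mut` is identical to the one for `as_mut` except for the aliasing wording, so the method's purpose (obtaining `&mut MaybeUninit<T>` to memory that may not yet hold a valid `T`) is no longer documented. Also tighten the aliasing bullet to "must not be accessed through any pointer or reference not derived from the returned reference"; restricting it to "the original pointer" omits copies of `self` and other aliases.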
@@ -391,18 +393,24 @@ impl<T: ?Sized> NonNull<T> {
unsafe { mem::transmute::<Self, *mut T>(self) }
}

/// Returns a shared reference to the value. If the value may be uninitialized, [`as_uninit_ref`]
/// must be used instead.
/// Returns a shared reference to the value.
///
/// For the mutable counterpart see [`as_mut`].
///
/// [`as_uninit_ref`]: NonNull::as_uninit_ref
/// [`as_mut`]: NonNull::as_mut
///
/// # Safety
///
/// When calling this method, you have to ensure that
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * The value of memory pointed by the ptr must be initialized. If not, [`as_uninit_ref`] must be used instead.
///
/// * Note that after obtaining the mutable reference, the original pointer must not
/// be mutated until the reference's lifetime ends (except inside `UnsafeCell`).
///
/// [`as_uninit_ref`]: NonNull::as_uninit_ref
///
/// # Examples
///
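Review bot: copy-paste error in the third bullet. This is `as_ref`, which returns a shared reference, but the bullet says "after obtaining the mutable reference"; it should say "after obtaining the reference", matching the `*mut T` version of the same method. The second bullet has the same ungrammatical phrase as elsewhere in the PR: "The value of memory pointed by the ptr must be initialized" should be "The memory the pointer points to must be initialized; if it may not be, use [`as_uninit_ref`] instead." The `[`as_uninit_ref`]` definition was also moved below the Safety list while `[`as_mut`]` stays above it; keep them together.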
@@ -428,18 +436,25 @@ impl<T: ?Sized> NonNull<T> {
unsafe { &*self.as_ptr().cast_const() }
}

/// Returns a unique reference to the value. If the value may be uninitialized, [`as_uninit_mut`]
/// must be used instead.
/// Returns a unique reference to the value.
///
/// For the shared counterpart see [`as_ref`].
///
/// [`as_uninit_mut`]: NonNull::as_uninit_mut
/// [`as_ref`]: NonNull::as_ref
///
/// # Safety
///
/// When calling this method, you have to ensure that
/// the pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
/// When calling this method, you have to ensure that:
///
/// * The pointer is [convertible to a reference](crate::ptr#pointer-to-reference-conversion).
///
/// * The value of memory pointed by the ptr must be initialized. If not, [`as_uninit_mut`] must be used instead.
///
/// * Note that after obtaining the mutable reference, the original pointer
/// must not be used to access the data until the reference's lifetime ends.
///
/// [`as_uninit_mut`]: NonNull::as_uninit_mut
///
/// # Examples
///
/// ```
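Review bot: wording in the new bullets. "The value of memory pointed by the ptr must be initialized" should be "The memory the pointer points to must be initialized; if it may not be, use [`as_uninit_mut`] instead." The aliasing bullet should cover all aliases, not only "the original pointer": while the returned `&mut` lives, the memory must not be read or written through any pointer or reference not derived from it. As in `as_ref`, the `[`as_uninit_mut`]` definition now sits below the Safety list while `[`as_ref`]` stays with the description; group them.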