Reclarify Weak<->raw pointer safety comments

CAD97 · CAD97 · commit 1e578c9fb051 · 2021-01-07T12:53:04.000-05:00
diff --git a/library/alloc/src/rc.rs b/library/alloc/src/rc.rs
@@ -1899,7 +1899,7 @@ impl<T: ?Sized> Weak<T> {
             // a valid pointer, so that `from_raw` can reverse this transformation.
             (ptr as *mut T).set_ptr_value(ptr::null_mut())
         } else {
-            // SAFETY: If the pointer is not dangling, it references a valid allocation.
+            // SAFETY: if is_dangling returns false, then the pointer is dereferencable.
             // The payload may be dropped at this point, and we have to maintain provenance,
             // so use raw pointer manipulation.
             unsafe { &raw mut (*ptr).value }
@@ -1991,7 +1991,7 @@ impl<T: ?Sized> Weak<T> {
             // SAFETY: this is the same sentinel as used in Weak::new and is_dangling
             (ptr as *mut RcBox<T>).set_ptr_value(usize::MAX as *mut _)
         } else {
-            // Otherwise, this references a real allocation.
+            // Otherwise, we're guaranteed the pointer came from a nondangling Weak.
             // SAFETY: data_offset is safe to call, as ptr references a real (potentially dropped) T.
             let offset = unsafe { data_offset(ptr) };
             // Thus, we reverse the offset to get the whole RcBox.
diff --git a/library/alloc/src/sync.rs b/library/alloc/src/sync.rs
@@ -1685,7 +1685,7 @@ impl<T: ?Sized> Weak<T> {
             // a valid pointer, so that `from_raw` can reverse this transformation.
             (ptr as *mut T).set_ptr_value(ptr::null_mut())
         } else {
-            // SAFETY: If the pointer is not dangling, it references a valid allocation.
+            // SAFETY: if is_dangling returns false, then the pointer is dereferencable.
             // The payload may be dropped at this point, and we have to maintain provenance,
             // so use raw pointer manipulation.
             unsafe { &raw mut (*ptr).data }
@@ -1777,7 +1777,7 @@ impl<T: ?Sized> Weak<T> {
             // SAFETY: this is the same sentinel as used in Weak::new and is_dangling
             (ptr as *mut ArcInner<T>).set_ptr_value(usize::MAX as *mut _)
         } else {
-            // Otherwise, this references a real allocation.
+            // Otherwise, we're guaranteed the pointer came from a nondangling Weak.
             // SAFETY: data_offset is safe to call, as ptr references a real (potentially dropped) T.
             let offset = unsafe { data_offset(ptr) };
             // Thus, we reverse the offset to get the whole RcBox.
