
Commit 747dbcb

Provide reasoning for rc data_offset safety
1 parent 4901c55 commit 747dbcb

2 files changed: +12 -8 lines changed


library/alloc/src/rc.rs

+6-4
@@ -2314,10 +2314,12 @@ impl<T: ?Sized> Unpin for Rc<T> {}
23142314
/// The pointer must point to (and have valid metadata for) a previously
23152315
/// valid instance of T, but the T is allowed to be dropped.
23162316
unsafe fn data_offset<T: ?Sized>(ptr: *const T) -> isize {
2317-
// Align the unsized value to the end of the `RcBox`.
2318-
// Because it is ?Sized, it will always be the last field in memory.
2319-
// Note: This is a detail of the current implementation of the compiler,
2320-
// and is not a guaranteed language detail. Do not rely on it outside of std.
2317+
// Align the unsized value to the end of the RcBox.
2318+
// Because RcBox is repr(C), it will always be the last field in memory.
2319+
// SAFETY: since the only unsized types possible are slices, trait objects,
2320+
// and extern types, the input safety requirement is currently enough to
2321+
// satisfy the requirements of align_of_val_raw; this is an implementation
2322+
// detail of the language that may not be relied upon outside of std.
23212323
unsafe { data_offset_align(align_of_val_raw(ptr)) }
23222324
}
23232325
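Review bot: the replacement comment turns a hedge into a guarantee ("Because RcBox is repr(C), it will always be the last field in memory") but the hunk does not touch the `RcBox` definition, so please confirm that the struct actually carries `#[repr(C)]`; the comment being removed explicitly said the field ordering was "a detail of the current implementation of the compiler, and is not a guaranteed language detail", and if `RcBox` is not `repr(C)` the new wording is wrong rather than merely less cautious. Two smaller points on the same lines: the SAFETY comment lists "slices, trait objects, and extern types" as the only unsized kinds and says the input requirement is "currently enough" for `align_of_val_raw`; it is worth stating explicitly whether the extern-type case is covered by the same argument as the other two or only tolerated, since that is the case a future reader is most likely to question. And the old comment backticked `RcBox` and `?Sized` while the new one does not; keeping the backticks is consistent with the surrounding doc comments.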

library/alloc/src/sync.rs

+6-4
@@ -2464,10 +2464,12 @@ impl<T: ?Sized> Unpin for Arc<T> {}
24642464
/// The pointer must point to (and have valid metadata for) a previously
24652465
/// valid instance of T, but the T is allowed to be dropped.
24662466
unsafe fn data_offset<T: ?Sized>(ptr: *const T) -> isize {
2467-
// Align the unsized value to the end of the `ArcInner`.
2468-
// Because it is `?Sized`, it will always be the last field in memory.
2469-
// Note: This is a detail of the current implementation of the compiler,
2470-
// and is not a guaranteed language detail. Do not rely on it outside of std.
2467+
// Align the unsized value to the end of the ArcInner.
2468+
// Because RcBox is repr(C), it will always be the last field in memory.
2469+
// SAFETY: since the only unsized types possible are slices, trait objects,
2470+
// and extern types, the input safety requirement is currently enough to
2471+
// satisfy the requirements of align_of_val_raw; this is an implementation
2472+
// detail of the language that may not be relied upon outside of std.
24712473
unsafe { data_offset_align(align_of_val_raw(ptr)) }
24722474
}
24732475
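Review bot: copy-paste slip in the second added line of this hunk: the comment reads "Because RcBox is repr(C), it will always be the last field in memory" but this is `sync.rs`, and the line immediately above refers to "the end of the ArcInner". It should read `// Because ArcInner is repr(C), it will always be the last field in memory.`, and as with the `rc.rs` hunk the claim should be checked against the `ArcInner` definition, which this diff does not show, before the old "not a guaranteed language detail" hedge is dropped. The SAFETY comment is otherwise identical to the one in `rc.rs`, which is fine, but the same question applies: say whether extern types are covered by the same reasoning as slices and trait objects or are a distinct case.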
