Skip to content

Commit aea0186

Browse files
steveklabniksteveklabnik
committed
make many ptr functions must_use
https://djugei.github.io/bad-at-unsafe/ describes an error a user had when trying to use offset: > At first I just assumed that the .add() and .offset() methods on pointers would mutate the pointer. They do not. Instead they return a new pointer, which gets dropped silently if you don't use it. Unlike for example Result, which is must_use annotated.
1 parent 7faeae0 commit aea0186

File tree

3 files changed

+14
-0
lines changed

3 files changed

+14
-0
lines changed

src/libcore/intrinsics.rs

+2
Original file line numberDiff line numberDiff line change
@@ -1311,6 +1311,7 @@ extern "rust-intrinsic" {
13111311
///
13121312
/// The stabilized version of this intrinsic is
13131313
/// [`std::pointer::offset`](../../std/primitive.pointer.html#method.offset).
1314+
#[must_use = "returns a new pointer rather than modifying its argument"]
13141315
pub fn offset<T>(dst: *const T, offset: isize) -> *const T;
13151316

13161317
/// Calculates the offset from a pointer, potentially wrapping.
@@ -1327,6 +1328,7 @@ extern "rust-intrinsic" {
13271328
///
13281329
/// The stabilized version of this intrinsic is
13291330
/// [`std::pointer::wrapping_offset`](../../std/primitive.pointer.html#method.wrapping_offset).
1331+
#[must_use = "returns a new pointer rather than modifying its argument"]
13301332
pub fn arith_offset<T>(dst: *const T, offset: isize) -> *const T;
13311333

13321334
/// Equivalent to the appropriate `llvm.memcpy.p0i8.0i8.*` intrinsic, with

src/libcore/ptr/const_ptr.rs

+6
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,7 @@ impl<T: ?Sized> *const T {
150150
/// }
151151
/// ```
152152
#[stable(feature = "rust1", since = "1.0.0")]
153+
#[must_use = "returns a new pointer rather than modifying its argument"]
153154
#[inline]
154155
pub unsafe fn offset(self, count: isize) -> *const T
155156
where
@@ -208,6 +209,7 @@ impl<T: ?Sized> *const T {
208209
/// }
209210
/// ```
210211
#[stable(feature = "ptr_wrapping_offset", since = "1.16.0")]
212+
#[must_use = "returns a new pointer rather than modifying its argument"]
211213
#[inline]
212214
pub fn wrapping_offset(self, count: isize) -> *const T
213215
where
@@ -390,6 +392,7 @@ impl<T: ?Sized> *const T {
390392
/// }
391393
/// ```
392394
#[stable(feature = "pointer_methods", since = "1.26.0")]
395+
#[must_use = "returns a new pointer rather than modifying its argument"]
393396
#[inline]
394397
pub unsafe fn add(self, count: usize) -> Self
395398
where
@@ -451,6 +454,7 @@ impl<T: ?Sized> *const T {
451454
/// }
452455
/// ```
453456
#[stable(feature = "pointer_methods", since = "1.26.0")]
457+
#[must_use = "returns a new pointer rather than modifying its argument"]
454458
#[inline]
455459
pub unsafe fn sub(self, count: usize) -> Self
456460
where
@@ -506,6 +510,7 @@ impl<T: ?Sized> *const T {
506510
/// }
507511
/// ```
508512
#[stable(feature = "pointer_methods", since = "1.26.0")]
513+
#[must_use = "returns a new pointer rather than modifying its argument"]
509514
#[inline]
510515
pub fn wrapping_add(self, count: usize) -> Self
511516
where
@@ -561,6 +566,7 @@ impl<T: ?Sized> *const T {
561566
/// }
562567
/// ```
563568
#[stable(feature = "pointer_methods", since = "1.26.0")]
569+
#[must_use = "returns a new pointer rather than modifying its argument"]
564570
#[inline]
565571
pub fn wrapping_sub(self, count: usize) -> Self
566572
where

src/libcore/ptr/mut_ptr.rs

+6
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,7 @@ impl<T: ?Sized> *mut T {
144144
/// }
145145
/// ```
146146
#[stable(feature = "rust1", since = "1.0.0")]
147+
#[must_use = "returns a new pointer rather than modifying its argument"]
147148
#[inline]
148149
pub unsafe fn offset(self, count: isize) -> *mut T
149150
where
@@ -201,6 +202,7 @@ impl<T: ?Sized> *mut T {
201202
/// assert_eq!(&data, &[0, 2, 0, 4, 0]);
202203
/// ```
203204
#[stable(feature = "ptr_wrapping_offset", since = "1.16.0")]
205+
#[must_use = "returns a new pointer rather than modifying its argument"]
204206
#[inline]
205207
pub fn wrapping_offset(self, count: isize) -> *mut T
206208
where
@@ -436,6 +438,7 @@ impl<T: ?Sized> *mut T {
436438
/// }
437439
/// ```
438440
#[stable(feature = "pointer_methods", since = "1.26.0")]
441+
#[must_use = "returns a new pointer rather than modifying its argument"]
439442
#[inline]
440443
pub unsafe fn add(self, count: usize) -> Self
441444
where
@@ -497,6 +500,7 @@ impl<T: ?Sized> *mut T {
497500
/// }
498501
/// ```
499502
#[stable(feature = "pointer_methods", since = "1.26.0")]
503+
#[must_use = "returns a new pointer rather than modifying its argument"]
500504
#[inline]
501505
pub unsafe fn sub(self, count: usize) -> Self
502506
where
@@ -552,6 +556,7 @@ impl<T: ?Sized> *mut T {
552556
/// }
553557
/// ```
554558
#[stable(feature = "pointer_methods", since = "1.26.0")]
559+
#[must_use = "returns a new pointer rather than modifying its argument"]
555560
#[inline]
556561
pub fn wrapping_add(self, count: usize) -> Self
557562
where
@@ -607,6 +612,7 @@ impl<T: ?Sized> *mut T {
607612
/// }
608613
/// ```
609614
#[stable(feature = "pointer_methods", since = "1.26.0")]
615+
#[must_use = "returns a new pointer rather than modifying its argument"]
610616
#[inline]
611617
pub fn wrapping_sub(self, count: usize) -> Self
612618
where

0 commit comments

Comments
 (0)