restate GlobalAlloc method safety preconditions in terms of what the caller has to do for greater clarity #123932

Merged
merged 1 commit into from
Sep 29, 2024
32 changes: 17 additions & 15 deletions library/core/src/alloc/global.rs
Expand Up @@ -124,8 +124,8 @@ pub unsafe trait GlobalAlloc {
///
/// # Safety
///
/// This function is unsafe because undefined behavior can result
/// if the caller does not ensure that `layout` has non-zero size.
/// `layout` must have non-zero size. Attempting to allocate for a zero-sized `layout` may
/// result in undefined behavior.
///
/// (Extension subtraits might provide more specific bounds on
/// behavior, e.g., guarantee a sentinel address or a null pointer
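Review bot: The rewritten `alloc` safety text is the one section in this PR that does not use the caller-facing framing the title promises and that the `dealloc` and `realloc` hunks adopt ("The caller must ensure"); it also says a zero-sized `layout` "may result in undefined behavior" while every other section in the file says "can result". Suggest "The caller must ensure that `layout` has non-zero size. Allocating for a zero-sized `layout` can result in undefined behavior." so that all four methods read the same way.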
Expand Down Expand Up @@ -156,14 +156,14 @@ pub unsafe trait GlobalAlloc {
///
/// # Safety
///
/// This function is unsafe because undefined behavior can result
/// if the caller does not ensure all of the following:
/// The caller must ensure:
///
/// * `ptr` must denote a block of memory currently allocated via
/// this allocator,
/// * `ptr` is a block of memory currently allocated via this allocator and,
///
/// * `layout` must be the same layout that was used
/// to allocate that block of memory.
/// * `layout` is the same layout that was used to allocate that block of
/// memory.
///
/// Otherwise undefined behavior can result.
#[stable(feature = "global_alloc", since = "1.28.0")]
unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout);

Expand All @@ -172,7 +172,8 @@ pub unsafe trait GlobalAlloc {
///
/// # Safety
///
/// This function is unsafe for the same reasons that `alloc` is.
/// The caller has to ensure that `layout` has non-zero size. Like `alloc`
/// zero sized `layout` can result in undefined behaviour.
/// However the allocated block of memory is guaranteed to be initialized.
///
/// # Errors
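Review bot: The new `alloc_zeroed` text is inconsistent with the rest of the file in three small ways. "Like `alloc` zero sized `layout`" needs a comma and a hyphen ("Like `alloc`, a zero-sized `layout`"), "behaviour" should be "behavior" to match the spelling used in the `alloc` and `dealloc` sections of this same diff, and "The caller has to ensure" should be "The caller must ensure" to match the phrasing the `dealloc` and `realloc` hunks adopt.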
Expand Down Expand Up @@ -220,20 +221,21 @@ pub unsafe trait GlobalAlloc {
///
/// # Safety
///
/// This function is unsafe because undefined behavior can result
/// if the caller does not ensure all of the following:
/// The caller must ensure that:
///
/// * `ptr` must be currently allocated via this allocator,
/// * `ptr` is allocated via this allocator,
///
/// * `layout` must be the same layout that was used
/// * `layout` is the same layout that was used
/// to allocate that block of memory,
///
/// * `new_size` must be greater than zero.
/// * `new_size` is greater than zero.
///
/// * `new_size`, when rounded up to the nearest multiple of `layout.align()`,
/// must not overflow `isize` (i.e., the rounded value must be less than or
/// does not overflow `isize` (i.e., the rounded value must be less than or
/// equal to `isize::MAX`).
///
/// If these are not followed, undefined behaviour can result.
///
/// (Extension subtraits might provide more specific bounds on
/// behavior, e.g., guarantee a sentinel address or a null pointer
/// in response to a zero-size allocation request.)
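Review bot: The first `realloc` bullet, "`ptr` is allocated via this allocator,", drops the word "currently" from the old "`ptr` must be currently allocated via this allocator". That is a semantic weakening, not just a rewording: a pointer that was allocated by this allocator and has since been freed arguably satisfies the new text, so keep "currently" (and preferably the same wording as the `dealloc` hunk: "points to a block of memory currently allocated via this allocator"). Two smaller points in the same hunk: "undefined behaviour can result" in the closing sentence should be "behavior" to match the rest of the file, and the `new_size` bullet mixes the new indicative style ("does not overflow `isize`") with the old "must" style inside the parenthetical ("the rounded value must be less than or equal to `isize::MAX`"); either is fine, but pick one.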