Rollup merge of #71148 - bluss:vec-drop-raw-slice, r=RalfJung

Vec drop and truncate: drop using raw slice *mut [T] By creating a *mut [T] directly (without going through &mut [T]), avoid questions of validity of the contents of the slice. Consider the following risky code: ```rust unsafe { let mut v = Vec::<bool>::with_capacity(16); v.set_len(16); } ``` The intention is that with this change, we avoid one of the soundness questions about the above snippet, because Vec::drop no longer produces a mutable slice of the vector's contents. r? @RalfJung

Rollup merge of #71148 - bluss:vec-drop-raw-slice, r=RalfJung
Vec drop and truncate: drop using raw slice *mut [T] By creating a *mut [T] directly (without going through &mut [T]), avoid questions of validity of the contents of the slice. Consider the following risky code: ```rust unsafe { let mut v = Vec::<bool>::with_capacity(16); v.set_len(16); } ``` The intention is that with this change, we avoid one of the soundness questions about the above snippet, because Vec::drop no longer produces a mutable slice of the vector's contents. r? @RalfJung
4adebb9f · Tyler Mandry · GitHub · 7ced01a7 · f654daf3 · 4adebb9f
隐藏空白更改
内联并排

Showing with 10 addition and 4 deletion

src/liballoc/vec.rs src/liballoc/vec.rs +10 -4

未找到文件。
--- a/src/liballoc/vec.rs
+++ b/src/liballoc/vec.rs
@@ -741,7 +741,7 @@ pub fn truncate(&mut self, len: usize) {
                return;
            }
            let remaining_len = self.len - len;
-            let s = slice::from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
+            let s = ptr::slice_from_raw_parts_mut(self.as_mut_ptr().add(len), remaining_len);
            self.len = len;
            ptr::drop_in_place(s);
        }
@@ -2379,7 +2379,9 @@ unsafe impl<#[may_dangle] T> Drop for Vec<T> {
    fn drop(&mut self) {
        unsafe {
            // use drop for [T]
-            ptr::drop_in_place(&mut self[..]);
+            // use a raw slice to refer to the elements of the vector as weakest necessary type;
+            // could avoid questions of validity in certain cases
+            ptr::drop_in_place(ptr::slice_from_raw_parts_mut(self.as_mut_ptr(), self.len))
        }
        // RawVec handles deallocation
    }
@@ -2596,7 +2598,11 @@ pub fn as_slice(&self) -> &[T] {
    /// ```
    #[stable(feature = "vec_into_iter_as_slice", since = "1.15.0")]
    pub fn as_mut_slice(&mut self) -> &mut [T] {
-        unsafe { slice::from_raw_parts_mut(self.ptr as *mut T, self.len()) }
+        unsafe { &mut *self.as_raw_mut_slice() }
+    }
+
+    fn as_raw_mut_slice(&mut self) -> *mut [T] {
+        ptr::slice_from_raw_parts_mut(self.ptr as *mut T, self.len())
    }
 }

@@ -2708,7 +2714,7 @@ fn drop(&mut self) {
        let guard = DropGuard(self);
        // destroy the remaining elements
        unsafe {
-            ptr::drop_in_place(guard.0.as_mut_slice());
+            ptr::drop_in_place(guard.0.as_raw_mut_slice());
        }
        // now `guard` will be dropped and do the rest
    }