
Commit 3c00ffa

committed
ptr::add/sub: these are *not* equivalent to offset(count as isize)
1 parent 95de48b commit 3c00ffa


3 files changed

+19
-16
lines changed


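--- a/core/src/intrinsics.rs
+++ b/core/src/intrinsics.rs
@@ -1425,8 +1425,7 @@ extern "rust-intrinsic" {
 ///
 /// If the computed offset is non-zero, then both the starting and resulting pointer must be
 /// either in bounds or at the end of an allocated object. If either pointer is out
-/// of bounds or arithmetic overflow occurs then any further use of the returned value will
-/// result in undefined behavior.
+/// of bounds or arithmetic overflow occurs then this operation is undefined behavior.
 ///
 /// The stabilized version of this intrinsic is [`pointer::offset`].
 #[must_use = "returns a new pointer rather than modifying its argument"]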
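Review bot: The reworded sentence still says only "arithmetic overflow" without naming what overflows, while the method docs changed in this same commit now state it precisely: the byte offset `count * size_of::<T>()`, computed with unbounded arithmetic, must fit in an `isize`. Because this line now makes the call itself undefined behavior rather than later uses of the result, anyone auditing `unsafe` callers of the intrinsic needs the exact precondition here too. Assuming the intrinsic's condition is meant to match the method's, I would write `/// of bounds or the byte offset does not fit in an isize then this operation is undefined behavior.` or refer the reader to the Safety section of `pointer::offset`. The doc comment starts above the hunk and the intrinsic's declaration continues below it.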

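--- a/core/src/ptr/const_ptr.rs
+++ b/core/src/ptr/const_ptr.rs
@@ -346,7 +346,7 @@ impl<T: ?Sized> *const T {
 if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit<T>) }) }
 }
 
-/// Adds an offset to a pointer.
+/// Adds a signed offset to a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -355,7 +355,8 @@ impl<T: ?Sized> *const T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in
@@ -807,7 +808,7 @@ impl<T: ?Sized> *const T {
 }
 }
 
-/// Adds an offset to a pointer (convenience for `.offset(count as isize)`).
+/// Adds an offset to a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -816,7 +817,8 @@ impl<T: ?Sized> *const T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in
@@ -880,8 +882,7 @@ impl<T: ?Sized> *const T {
 unsafe { self.cast::<u8>().add(count).with_metadata_of(self) }
 }
 
-/// Subtracts an offset from a pointer (convenience for
-/// `.offset((count as isize).wrapping_neg())`).
+/// Subtracts an offset from a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -890,7 +891,8 @@ impl<T: ?Sized> *const T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in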
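Review bot: The `add` and `sub` summaries (hunks at -807 and -880) drop the `.offset(count as isize)` equivalence but put nothing in its place. `add` now reads "Adds an offset to a pointer.", the exact sentence `offset` carried before this commit, so a reader cannot tell how the two differ. Since `offset` became "Adds a signed offset", the symmetric wording would be `/// Adds an unsigned offset to a pointer.` and `/// Subtracts an unsigned offset from a pointer.`, assuming `count` is a `usize` here, as the removed cast suggests. A short sentence saying that a large `count` is never reinterpreted as a negative `isize` would help authors of `unsafe` code who relied on the old "convenience for" wording. The same applies to the matching hunks in core/src/ptr/mut_ptr.rs, and the doc comments and function bodies extend beyond the hunks shown.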

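--- a/core/src/ptr/mut_ptr.rs
+++ b/core/src/ptr/mut_ptr.rs
@@ -344,7 +344,7 @@ impl<T: ?Sized> *mut T {
 if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit<T>) }) }
 }
 
-/// Adds an offset to a pointer.
+/// Adds a signed offset to a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -353,7 +353,8 @@ impl<T: ?Sized> *mut T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in
@@ -888,7 +889,7 @@ impl<T: ?Sized> *mut T {
 unsafe { (self as *const T).sub_ptr(origin) }
 }
 
-/// Adds an offset to a pointer (convenience for `.offset(count as isize)`).
+/// Adds an offset to a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -897,7 +898,8 @@ impl<T: ?Sized> *mut T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in
@@ -961,8 +963,7 @@ impl<T: ?Sized> *mut T {
 unsafe { self.cast::<u8>().add(count).with_metadata_of(self) }
 }
 
-/// Subtracts an offset from a pointer (convenience for
-/// `.offset((count as isize).wrapping_neg())`).
+/// Subtracts an offset from a pointer.
 ///
 /// `count` is in units of T; e.g., a `count` of 3 represents a pointer
 /// offset of `3 * size_of::<T>()` bytes.
@@ -971,7 +972,8 @@ impl<T: ?Sized> *mut T {
 ///
 /// If any of the following conditions are violated, the result is Undefined Behavior:
 ///
-/// * The computed offset, `count * size_of::<T>()` bytes, must not overflow `isize`.
+/// * The computed offset, `count * size_of::<T>()` bytes (using unbounded arithmetic),
+/// must fit in an `isize`.
 ///
 /// * If the computed offset is non-zero, then `self` must be derived from a pointer to some
 /// [allocated object], and the entire memory range between `self` and the result must be in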
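Review bot: In the `sub` safety list (hunk at -971 here, and the matching hunk at -890 in const_ptr.rs) the bullet still calls `count * size_of::<T>()` "the computed offset", although `sub` moves the pointer by the negation of that product. With the bound now phrased as "must fit in an `isize`", it is not obvious whether the limit is `isize::MAX` on the product or `isize::MIN` on the negated value. If the former is intended, `/// * The offset in bytes, count * size_of::<T>() (using unbounded arithmetic), must not exceed isize::MAX.` would remove the doubt; I cannot confirm the intent from the hunk alone. The safety list continues past the end of the hunk.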
