Skip to content

Commit 827251e

Browse files
author
Dylan MacKenzie
committed
Shorten ownership safety discussion in read_volatile
Non-`Copy` types should not be in volatile memory.
1 parent e350ba4 commit 827251e

File tree

1 file changed

+15
-8
lines changed

1 file changed

+15
-8
lines changed

src/libcore/ptr.rs

+15-8
Original file line numberDiff line numberDiff line change
@@ -622,6 +622,11 @@ pub unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
622622
/// to not be elided or reordered by the compiler across other volatile
623623
/// operations.
624624
///
625+
/// Memory read with `read_volatile` should almost always be written to using
626+
/// [`write_volatile`].
627+
///
628+
/// [`write_volatile`]: ./fn.write_volatile.html
629+
///
625630
/// # Notes
626631
///
627632
/// Rust does not currently have a rigorously and formally defined memory model,
@@ -644,16 +649,13 @@ pub unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
644649
///
645650
/// * `src` must be properly aligned.
646651
///
647-
/// Additionally, if `T` is not [`Copy`], only the returned value *or* the
648-
/// pointed-to value can be used or dropped after calling `read_volatile`.
649-
/// `read_volatile` creates a bitwise copy of `T`, regardless of whether `T:
650-
/// Copy`, which can result in undefined behavior if both copies are used.
651-
/// Note that `*src = foo` counts as a use because it will attempt to drop the
652-
/// value previously at `*src`. [`write_volatile`] can be used to overwrite
653-
/// data without causing it to be dropped.
652+
/// Like [`read`], `read_volatile` creates a bitwise copy of the pointed-to
653+
/// object, regardless of whether `T` is [`Copy`]. Using both values can cause
654+
/// undefined behavior. However, storing non-[`Copy`] data in I/O memory is
655+
/// almost certainly incorrect.
654656
///
655657
/// [`Copy`]: ../marker/trait.Copy.html
656-
/// [`write_volatile`]: ./fn.write_volatile.html
658+
/// [`read`]: ./fn.read.html
657659
///
658660
/// # Examples
659661
///
@@ -680,13 +682,18 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
680682
/// to not be elided or reordered by the compiler across other volatile
681683
/// operations.
682684
///
685+
/// Memory written with `write_volatile` should almost always be read from using
686+
/// [`read_volatile`].
687+
///
683688
/// `write_volatile` does not drop the contents of `dst`. This is safe, but it
684689
/// could leak allocations or resources, so care must be taken not to overwrite
685690
/// an object that should be dropped.
686691
///
687692
/// Additionally, it does not drop `src`. Semantically, `src` is moved into the
688693
/// location pointed to by `dst`.
689694
///
695+
/// [`read_volatile`]: ./fn.read_volatile.html
696+
///
690697
/// # Notes
691698
///
692699
/// Rust does not currently have a rigorously and formally defined memory model,

0 commit comments

Comments
 (0)