Skip to content

Fix UB in documentation example #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 11, 2022
Merged

Fix UB in documentation example #93

merged 3 commits into from
Sep 11, 2022

Conversation

clubby789
Copy link
Contributor

The example creates a new AsciiString::from_raw_parts using a shared reference casted to a mutable pointer. This changes the example to use an exclusive reference/pointer.

tormol
tormol reviewed Sep 11, 2022
View reviewed changes
Copy link
Collaborator

@tormol tormol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing it and adding miri to CI.

I've updated the docs. What do you think?

src/ascii_string.rs Outdated
@@ -65,6 +65,7 @@ impl AsciiString {
///
/// * The memory at `buf` need to have been previously allocated by the same allocator this
/// library uses.
/// * `buf` must be obtained from a valid `&mut` reference to guarentee exclusive ownership.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think either this is implied by *mut, or that miri is stricter than the language currently is.
The docs for String::from_raw_parts() doesn't mention this.

src/ascii_string.rs Outdated
@@ -98,8 +99,8 @@ impl AsciiString {
pub unsafe fn from_raw_parts(buf: *mut AsciiChar, length: usize, capacity: usize) -> Self {
AsciiString {
// SAFETY: Caller guarantees `buf` was previously allocated by this library,
// that `buf` contains `length` valid ascii elements and has a total
// capacity of `capacity` elements.
// is a unique pointer, `buf` contains `length` valid ascii elements,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The term unique pointer isn't really used in rust, and

clubby789 and others added 3 commits September 12, 2022 01:16
@clubby789 @tormol
Change example to remove UB

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
d61f70f 
The example creates a new `AsciiString::from_raw_parts` using a
shared reference casted to a mutable pointer. This changes the example
to use an exclusive reference/pointer.
@clubby789 @tormol
Add Miri to GitHub CI

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
19c6636
@tormol
Improve documentation of AsciiString::from_raw_parts()

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
6ecfc99
@clubby789
Copy link
Contributor Author

That's probably best, I updated the docs while I was changing the example but best to match stds requirements.

@tormol tormol merged commit 90abe2d into tomprogrammer:master Sep 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tormol tormol

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@clubby789 @tormol