Commit

Rollup merge of rust-lang#134606 - RalfJung:ptr-copy-docs, r=Mark-Simulacrum

ptr::copy: fix docs for the overlapping case

Fixes rust-lang/unsafe-code-guidelines#549

As discussed in that issue, it doesn't make any sense for `copy` to read a byte via `src` after it was already written via `dst`. The entire point of this method is that it copies correctly even if they overlap, and that requires always reading any given location before writing it.

Cc `@rust-lang/opsem`
jieyouxu authored and poliorcetics committed Dec 28, 2024
2 parents 63c3fa8 + 526d298 commit c3e706d
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 2 additions & 0 deletions compiler/rustc_const_eval/src/interpret/memory.rs
@@ -1359,6 +1359,8 @@ impl<'tcx, M: Machine<'tcx>> InterpCx<'tcx, M> {
let src_alloc = self.get_alloc_raw(src_alloc_id)?;
let src_range = alloc_range(src_offset, size);
assert!(!self.memory.validation_in_progress, "we can't be copying during validation");
// For the overlapping case, it is crucial that we trigger the read hook
// before the write hook -- the aliasing model cares about the order.
M::before_memory_read(
tcx,
&self.machine,
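Review bot: The new comment states an invariant (the read hook must fire before the write hook when the ranges overlap) that nothing in the hunk enforces beyond the current statement order; consider citing the motivating issue right there, e.g. `// See rust-lang/unsafe-code-guidelines#549.`, so that a future refactor that moves `M::before_memory_read` below the write hook has the rationale next to it. This ordering is also exactly what the reworded `dst` requirement in `library/core/src/intrinsics/mod.rs` relies on (every location is read before it is written, so a `src` read never observes a `dst` write), so the two should be kept in sync.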
8 changes: 3 additions & 5 deletions library/core/src/intrinsics/mod.rs
@@ -4364,13 +4364,11 @@ pub const unsafe fn copy_nonoverlapping<T>(src: *const T, dst: *mut T, count: us
///
/// Behavior is undefined if any of the following conditions are violated:
///
/// * `src` must be [valid] for reads of `count * size_of::<T>()` bytes, and must remain valid even
/// when `dst` is written for `count * size_of::<T>()` bytes. (This means if the memory ranges
/// overlap, the two pointers must not be subject to aliasing restrictions relative to each
/// other.)
/// * `src` must be [valid] for reads of `count * size_of::<T>()` bytes.
///
/// * `dst` must be [valid] for writes of `count * size_of::<T>()` bytes, and must remain valid even
/// when `src` is read for `count * size_of::<T>()` bytes.
/// when `src` is read for `count * size_of::<T>()` bytes. (This means if the memory ranges
/// overlap, the `dst` pointer must not be invalidated by `src` reads.)
///
/// * Both `src` and `dst` must be properly aligned.
///
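Review bot: The requirement is now asymmetric (only `dst` carries the "must remain valid even when the other pointer is used" clause, with the parenthetical "the `dst` pointer must not be invalidated by `src` reads"), but the text does not say why the matching clause on `src` could be dropped. A reader comparing this with `copy_nonoverlapping` may take the asymmetry for an omission; suggest one sentence of rationale after the parenthetical, along the lines of "`copy` always reads a location before writing it, so `src` reads can never be affected by `dst` writes", or a link to rust-lang/unsafe-code-guidelines#549. Since this guarantee is only true if the implementation (and the interpreter hooks in `compiler/rustc_const_eval/src/interpret/memory.rs`) preserve that read-before-write order, it is worth stating explicitly as the documented contract rather than leaving it implicit.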

0 comments on commit c3e706d