std: Unsafe-wrap std::io · model-checking/verify-rust-std@8c3a9c1 (original) (raw)
4 files changed
lines changed
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -433,9 +433,11 @@ impl<W: ?Sized + Write> BufWriter { | ||
| 433 | 433 | let old_len = self.buf.len(); |
| 434 | 434 | let buf_len = buf.len(); |
| 435 | 435 | let src = buf.as_ptr(); |
| 436 | -let dst = self.buf.as_mut_ptr().add(old_len); | |
| 437 | - ptr::copy_nonoverlapping(src, dst, buf_len); | |
| 438 | -self.buf.set_len(old_len + buf_len); | |
| 436 | +unsafe { | |
| 437 | +let dst = self.buf.as_mut_ptr().add(old_len); | |
| 438 | + ptr::copy_nonoverlapping(src, dst, buf_len); | |
| 439 | +self.buf.set_len(old_len + buf_len); | |
| 440 | +} | |
| 439 | 441 | } |
| 440 | 442 | |
| 441 | 443 | #[inline] |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -482,7 +482,7 @@ where | ||
| 482 | 482 | A: Allocator, |
| 483 | 483 | { |
| 484 | 484 | debug_assert!(vec.capacity() >= pos + buf.len()); |
| 485 | - vec.as_mut_ptr().add(pos).copy_from(buf.as_ptr(), buf.len()); | |
| 485 | +unsafe { vec.as_mut_ptr().add(pos).copy_from(buf.as_ptr(), buf.len()) }; | |
| 486 | 486 | pos + buf.len() |
| 487 | 487 | } |
| 488 | 488 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -267,11 +267,14 @@ where | ||
| 267 | 267 | // Using this rather than unwrap meaningfully improves the code |
| 268 | 268 | // for callers which only care about one variant (usually |
| 269 | 269 | // `Custom`) |
| 270 | - core::hint::unreachable_unchecked(); | |
| 270 | +unsafe { core::hint::unreachable_unchecked() }; | |
| 271 | 271 | }); |
| 272 | 272 | ErrorData::Simple(kind) |
| 273 | 273 | } |
| 274 | -TAG_SIMPLE_MESSAGE => ErrorData::SimpleMessage(&*ptr.cast::<SimpleMessage>().as_ptr()), | |
| 274 | +TAG_SIMPLE_MESSAGE => { | |
| 275 | +// SAFETY: per tag | |
| 276 | +unsafe { ErrorData::SimpleMessage(&*ptr.cast::<SimpleMessage>().as_ptr()) } | |
| 277 | +} | |
| 275 | 278 | TAG_CUSTOM => { |
| 276 | 279 | // It would be correct for us to use `ptr::byte_sub` here (see the |
| 277 | 280 | // comment above the `wrapping_add` call in `new_custom` for why), |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -293,7 +293,6 @@ | ||
| 293 | 293 | //! [`Arc`]: crate::sync::Arc |
| 294 | 294 | |
| 295 | 295 | #![stable(feature = "rust1", since = "1.0.0")] |
| 296 | -#![allow(unsafe_op_in_unsafe_fn)] | |
| 297 | 296 | |
| 298 | 297 | #[cfg(test)] |
| 299 | 298 | mod tests; |
| @@ -383,11 +382,11 @@ pub(crate) unsafe fn append_to_string(buf: &mut String, f: F) -> Result<usize | ||
| 383 | 382 | where |
| 384 | 383 | F: FnOnce(&mut Vec<u8>) -> Result<usize>, |
| 385 | 384 | { |
| 386 | -let mut g = Guard { len: buf.len(), buf: buf.as_mut_vec() }; | |
| 385 | +let mut g = Guard { len: buf.len(), buf: unsafe { buf.as_mut_vec() } }; | |
| 387 | 386 | let ret = f(g.buf); |
| 388 | 387 | |
| 389 | 388 | // SAFETY: the caller promises to only append data to `buf` |
| 390 | -let appended = g.buf.get_unchecked(g.len..); | |
| 389 | +let appended = unsafe { g.buf.get_unchecked(g.len..) }; | |
| 391 | 390 | if str::from_utf8(appended).is_err() { |
| 392 | 391 | ret.and_then(|_ |
| 393 | 392 | } else { |