ptr::add/sub: these are not equivalent to offset(count as isize) · qinheping/verify-rust-std@3c00ffa (original) (raw)

`@@ -344,7 +344,7 @@ impl<T: ?Sized> *mut T {

`

344

344

`if self.is_null() { None } else { Some(unsafe { &*(self as *const MaybeUninit) }) }

`

345

345

`}

`

346

346

``

347

``

`-

/// Adds an offset to a pointer.

`

``

347

`+

/// Adds a signed offset to a pointer.

`

348

348

`///

`

349

349

`` /// count is in units of T; e.g., a count of 3 represents a pointer

``

350

350

`` /// offset of 3 * size_of::<T>() bytes.

``

`@@ -353,7 +353,8 @@ impl<T: ?Sized> *mut T {

`

353

353

`///

`

354

354

`/// If any of the following conditions are violated, the result is Undefined Behavior:

`

355

355

`///

`

356

``

`` -

/// * The computed offset, count * size_of::<T>() bytes, must not overflow isize.

``

``

356

`` +

/// * The computed offset, count * size_of::<T>() bytes (using unbounded arithmetic),

``

``

357

`` +

/// must fit in an isize.

``

357

358

`///

`

358

359

`` /// * If the computed offset is non-zero, then self must be derived from a pointer to some

``

359

360

`` /// [allocated object], and the entire memory range between self and the result must be in

``

`@@ -888,7 +889,7 @@ impl<T: ?Sized> *mut T {

`

888

889

`unsafe { (self as *const T).sub_ptr(origin) }

`

889

890

`}

`

890

891

``

891

``

`` -

/// Adds an offset to a pointer (convenience for .offset(count as isize)).

``

``

892

`+

/// Adds an offset to a pointer.

`

892

893

`///

`

893

894

`` /// count is in units of T; e.g., a count of 3 represents a pointer

``

894

895

`` /// offset of 3 * size_of::<T>() bytes.

``

`@@ -897,7 +898,8 @@ impl<T: ?Sized> *mut T {

`

897

898

`///

`

898

899

`/// If any of the following conditions are violated, the result is Undefined Behavior:

`

899

900

`///

`

900

``

`` -

/// * The computed offset, count * size_of::<T>() bytes, must not overflow isize.

``

``

901

`` +

/// * The computed offset, count * size_of::<T>() bytes (using unbounded arithmetic),

``

``

902

`` +

/// must fit in an isize.

``

901

903

`///

`

902

904

`` /// * If the computed offset is non-zero, then self must be derived from a pointer to some

``

903

905

`` /// [allocated object], and the entire memory range between self and the result must be in

``

`@@ -961,8 +963,7 @@ impl<T: ?Sized> *mut T {

`

961

963

`unsafe { self.cast::().add(count).with_metadata_of(self) }

`

962

964

`}

`

963

965

``

964

``

`-

/// Subtracts an offset from a pointer (convenience for

`

965

``

`` -

/// .offset((count as isize).wrapping_neg())).

``

``

966

`+

/// Subtracts an offset from a pointer.

`

966

967

`///

`

967

968

`` /// count is in units of T; e.g., a count of 3 represents a pointer

``

968

969

`` /// offset of 3 * size_of::<T>() bytes.

``

`@@ -971,7 +972,8 @@ impl<T: ?Sized> *mut T {

`

971

972

`///

`

972

973

`/// If any of the following conditions are violated, the result is Undefined Behavior:

`

973

974

`///

`

974

``

`` -

/// * The computed offset, count * size_of::<T>() bytes, must not overflow isize.

``

``

975

`` +

/// * The computed offset, count * size_of::<T>() bytes (using unbounded arithmetic),

``

``

976

`` +

/// must fit in an isize.

``

975

977

`///

`

976

978

`` /// * If the computed offset is non-zero, then self must be derived from a pointer to some

``

977

979

`` /// [allocated object], and the entire memory range between self and the result must be in

``