Document missing unsafe blocks · rust-lang/rust@5eff264 (original) (raw)

`@@ -21,6 +21,9 @@ struct InsertionHole {

`

21

21

``

22

22

`impl Drop for InsertionHole {

`

23

23

`fn drop(&mut self) {

`

``

24

`+

// SAFETY: This is a helper class. Please refer to its usage for correctness. Namely, one

`

``

25

`` +

// must be sure that src and dst does not overlap as required by

``

``

26

`` +

// ptr::copy_nonoverlapping and are both valid for writes.

``

24

27

`unsafe {

`

25

28

` ptr::copy_nonoverlapping(self.src, self.dest, 1);

`

26

29

`}

`

88

91

`{

`

89

92

`debug_assert!(v.len() >= 2);

`

90

93

``

``

94

`+

// SAFETY: caller must ensure v is at least len 2.

`

91

95

`unsafe {

`

92

96

`if is_less(v.get_unchecked(1), v.get_unchecked(0)) {

`

93

97

`let arr_ptr = v.as_mut_ptr();

`

`@@ -153,7 +157,8 @@ where

`

153

157

`// Shift each element of the unsorted region v[i..] as far left as is needed to make v sorted.

`

154

158

`for i in offset..len {

`

155

159

`` // SAFETY: we tested that offset must be at least 1, so this loop is only entered if len

``

156

``

`-

// >= 2.

`

``

160

`` +

// >= 2. The range is exclusive and we know i must be at least 1 so this slice has at

``

``

161

`+

// >least len 2.

`

157

162

`unsafe {

`

158

163

`insert_tail(&mut v[..=i], is_less);

`

159

164

`}

`

`@@ -176,9 +181,10 @@ where

`

176

181

``

177

182

`// Shift each element of the unsorted region v[..i] as far left as is needed to make v sorted.

`

178

183

`for i in (0..offset).rev() {

`

179

``

`-

// We ensured that the slice length is always at least 2 long.

`

180

``

`-

// We know that start_found will be at least one less than end,

`

181

``

`-

// and the range is exclusive. Which gives us i always <= (end - 2).

`

``

184

`` +

// SAFETY: we tested that offset must be at least 1, so this loop is only entered if len

``

``

185

`+

// >= 2.We ensured that the slice length is always at least 2 long. We know that start_found

`

``

186

`+

// will be at least one less than end, and the range is exclusive. Which gives us i always

`

``

187

`+

// <= (end - 2).

`

182

188

`unsafe {

`

183

189

`insert_head(&mut v[i..len], is_less);

`

184

190

`}

`

`@@ -1222,6 +1228,8 @@ pub fn merge_sort<T, CmpF, ElemAllocF, ElemDeallocF, RunAllocF, RunDeallocF>(

`

1222

1228

`let left = runs[r];

`

1223

1229

`let right = runs[r + 1];

`

1224

1230

`let merge_slice = &mut v[left.start..right.start + right.len];

`

``

1231

`` +

// SAFETY: buf_ptr must hold enough capacity for the shorter of the two sides, and

``

``

1232

`+

// neither side may be on length 0.

`

1225

1233

`unsafe {

`

1226

1234

`merge(merge_slice, left.len, buf_ptr, is_less);

`

1227

1235

`}

`