Add slice_ranges safety comment

This commit is contained in:
Markus Everling 2023-02-05 02:16:43 +01:00
parent 8ca25b8e49
commit 1e114a88bd
2 changed files with 12 additions and 5 deletions

View File

@ -62,11 +62,10 @@ impl<'a, T, A: Allocator> Drain<'a, T, A> {
// We know that `self.idx + self.remaining <= deque.len <= usize::MAX`, so this won't overflow.
let end = start + self.remaining;
// SAFETY: the range `start..end` lies strictly inside
// the range `0..deque.original_len`. Because of this, and because
// we haven't touched the elements inside this range yet,
// it's guaranteed that `a_range` and `b_range` represent valid ranges into
// the deques buffer.
// SAFETY: `start..end` represents the range of elements that
// haven't been drained yet, so they're all initialized,
// and `slice::range(start..end, end) == start..end`,
// so the preconditions for `slice_ranges` are met.
let (a_range, b_range) = deque.slice_ranges(start..end, end);
(deque.buffer_range(a_range), deque.buffer_range(b_range))
}

View File

@ -1226,6 +1226,14 @@ impl<T, A: Allocator> VecDeque<T, A> {
/// the given range. The `len` parameter should usually just be `self.len`;
/// the reason it's passed explicitly is that if the deque is wrapped in
/// a `Drain`, then `self.len` is not actually the length of the deque.
///
/// # Safety
///
/// This function is always safe to call. For the resulting ranges to be valid
/// ranges into the physical buffer, the caller must ensure that for all possible
/// values of `range` and `len`, the result of calling `slice::range(range, ..len)`
/// represents a valid range into the logical buffer, and that all elements
/// in that range are initialized.
fn slice_ranges<R>(&self, range: R, len: usize) -> (Range<usize>, Range<usize>)
where
R: RangeBounds<usize>,