mirror of
https://github.com/rust-lang/rust.git
synced 2024-10-31 14:31:55 +00:00
Add slice_ranges
safety comment
This commit is contained in:
parent
8ca25b8e49
commit
1e114a88bd
@ -62,11 +62,10 @@ impl<'a, T, A: Allocator> Drain<'a, T, A> {
|
||||
// We know that `self.idx + self.remaining <= deque.len <= usize::MAX`, so this won't overflow.
|
||||
let end = start + self.remaining;
|
||||
|
||||
// SAFETY: the range `start..end` lies strictly inside
|
||||
// the range `0..deque.original_len`. Because of this, and because
|
||||
// we haven't touched the elements inside this range yet,
|
||||
// it's guaranteed that `a_range` and `b_range` represent valid ranges into
|
||||
// the deques buffer.
|
||||
// SAFETY: `start..end` represents the range of elements that
|
||||
// haven't been drained yet, so they're all initialized,
|
||||
// and `slice::range(start..end, end) == start..end`,
|
||||
// so the preconditions for `slice_ranges` are met.
|
||||
let (a_range, b_range) = deque.slice_ranges(start..end, end);
|
||||
(deque.buffer_range(a_range), deque.buffer_range(b_range))
|
||||
}
|
||||
|
@ -1226,6 +1226,14 @@ impl<T, A: Allocator> VecDeque<T, A> {
|
||||
/// the given range. The `len` parameter should usually just be `self.len`;
|
||||
/// the reason it's passed explicitly is that if the deque is wrapped in
|
||||
/// a `Drain`, then `self.len` is not actually the length of the deque.
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// This function is always safe to call. For the resulting ranges to be valid
|
||||
/// ranges into the physical buffer, the caller must ensure that for all possible
|
||||
/// values of `range` and `len`, the result of calling `slice::range(range, ..len)`
|
||||
/// represents a valid range into the logical buffer, and that all elements
|
||||
/// in that range are initialized.
|
||||
fn slice_ranges<R>(&self, range: R, len: usize) -> (Range<usize>, Range<usize>)
|
||||
where
|
||||
R: RangeBounds<usize>,
|
||||
|
Loading…
Reference in New Issue
Block a user