mirror of
https://github.com/rust-lang/rust.git
synced 2025-01-24 13:43:04 +00:00
Change 'NULL' to 'null'
This commit is contained in:
Brent Kerby
parent
e10cbc33c1
commit
6679f5ceb1
@ -66,7 +66,7 @@ fn search_meta_section<'a>(
|
||||
let mut name_buf = None;
|
||||
let name_len = llvm::LLVMRustGetSectionName(si.llsi, &mut name_buf);
|
||||
let name = name_buf.map_or_else(
|
||||
String::new, // We got a NULL ptr, ignore `name_len`.
|
||||
String::new, // We got a null ptr, ignore `name_len`.
|
||||
|buf| {
|
||||
String::from_utf8(
|
||||
slice::from_raw_parts(buf.as_ptr() as *const u8, name_len as usize)
|
||||
|
||||
@ -2328,7 +2328,7 @@ const HAS_MIN_FEATURES: &[Symbol] = &[sym::specialization];
|
||||
|
||||
declare_lint! {
|
||||
/// The `invalid_value` lint detects creating a value that is not valid,
|
||||
/// such as a NULL reference.
|
||||
/// such as a null reference.
|
||||
///
|
||||
/// ### Example
|
||||
///
|
||||
@ -2359,7 +2359,7 @@ declare_lint! {
|
||||
/// [undefined behavior]: https://doc.rust-lang.org/reference/behavior-considered-undefined.html
|
||||
pub INVALID_VALUE,
|
||||
Warn,
|
||||
"an invalid value is being created (such as a NULL reference)"
|
||||
"an invalid value is being created (such as a null reference)"
|
||||
}
|
||||
|
||||
declare_lint_pass!(InvalidValue => [INVALID_VALUE]);
|
||||
|
||||
@ -105,7 +105,7 @@ mod dl {
|
||||
return Ok(ret.cast());
|
||||
}
|
||||
|
||||
// A NULL return from `dlopen` indicates that an error has definitely occurred, so if
|
||||
// A null return from `dlopen` indicates that an error has definitely occurred, so if
|
||||
// nothing is in `dlerror`, we are racing with another thread that has stolen our error
|
||||
// message. See the explanation on the `dl::error` module for more information.
|
||||
dlerror.get().and_then(|()| Err("Unknown error".to_string()))
|
||||
@ -117,7 +117,7 @@ mod dl {
|
||||
) -> Result<*mut u8, String> {
|
||||
let mut dlerror = error::lock();
|
||||
|
||||
// Unlike `dlopen`, it's possible for `dlsym` to return NULL without overwriting `dlerror`.
|
||||
// Unlike `dlopen`, it's possible for `dlsym` to return null without overwriting `dlerror`.
|
||||
// Because of this, we clear `dlerror` before calling `dlsym` to avoid picking up a stale
|
||||
// error message by accident.
|
||||
dlerror.clear();
|
||||
@ -128,7 +128,7 @@ mod dl {
|
||||
return Ok(ret.cast());
|
||||
}
|
||||
|
||||
// If `dlsym` returns NULL but there is nothing in `dlerror` it means one of two things:
|
||||
// If `dlsym` returns null but there is nothing in `dlerror` it means one of two things:
|
||||
// - We tried to load a symbol mapped to address 0. This is not technically an error but is
|
||||
// unlikely to occur in practice and equally unlikely to be handled correctly by calling
|
||||
// code. Therefore we treat it as an error anyway.
|
||||
|
||||
@ -185,7 +185,7 @@ impl fmt::Display for CheckInAllocMsg {
|
||||
"{}",
|
||||
match *self {
|
||||
CheckInAllocMsg::MemoryAccessTest => "memory access",
|
||||
CheckInAllocMsg::NullPointerTest => "NULL pointer test",
|
||||
CheckInAllocMsg::NullPointerTest => "null pointer test",
|
||||
CheckInAllocMsg::PointerArithmeticTest => "pointer arithmetic",
|
||||
CheckInAllocMsg::InboundsTest => "inbounds test",
|
||||
}
|
||||
@ -309,7 +309,7 @@ impl fmt::Display for UndefinedBehaviorInfo<'_> {
|
||||
allocation_size.bytes()
|
||||
),
|
||||
DanglingIntPointer(_, CheckInAllocMsg::NullPointerTest) => {
|
||||
write!(f, "NULL pointer is not allowed for this operation")
|
||||
write!(f, "null pointer is not allowed for this operation")
|
||||
}
|
||||
DanglingIntPointer(i, msg) => {
|
||||
write!(f, "{} failed: 0x{:x} is not a valid pointer", msg, i)
|
||||
|
||||
@ -81,7 +81,7 @@ impl UnsafetyViolationDetails {
|
||||
),
|
||||
DerefOfRawPointer => (
|
||||
"dereference of raw pointer",
|
||||
"raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules \
|
||||
"raw pointers may be null, dangling or unaligned; they can violate aliasing rules \
|
||||
and cause data races: all of these are undefined behavior",
|
||||
),
|
||||
AssignToDroppingUnionField => (
|
||||
|
||||
@ -348,8 +348,8 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
|
||||
let b = self.read_immediate(&args[1])?.to_scalar()?;
|
||||
|
||||
// Special case: if both scalars are *equal integers*
|
||||
// and not NULL, we pretend there is an allocation of size 0 right there,
|
||||
// and their offset is 0. (There's never a valid object at NULL, making it an
|
||||
// and not null, we pretend there is an allocation of size 0 right there,
|
||||
// and their offset is 0. (There's never a valid object at null, making it an
|
||||
// exception from the exception.)
|
||||
// This is the dual to the special exception for offset-by-0
|
||||
// in the inbounds pointer offset operation (see the Miri code, `src/operator.rs`).
|
||||
@ -501,7 +501,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
|
||||
|
||||
/// Offsets a pointer by some multiple of its type, returning an error if the pointer leaves its
|
||||
/// allocation. For integer pointers, we consider each of them their own tiny allocation of size
|
||||
/// 0, so offset-by-0 (and only 0) is okay -- except that NULL cannot be offset by _any_ value.
|
||||
/// 0, so offset-by-0 (and only 0) is okay -- except that null cannot be offset by _any_ value.
|
||||
pub fn ptr_offset_inbounds(
|
||||
&self,
|
||||
ptr: Scalar<M::PointerTag>,
|
||||
@ -521,7 +521,7 @@ impl<'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> InterpCx<'mir, 'tcx, M> {
|
||||
// pointers to be properly aligned (unlike a read/write operation).
|
||||
let min_ptr = if offset_bytes >= 0 { ptr } else { offset_ptr };
|
||||
let size = offset_bytes.unsigned_abs();
|
||||
// This call handles checking for integer/NULL pointers.
|
||||
// This call handles checking for integer/null pointers.
|
||||
self.memory.check_ptr_access_align(
|
||||
min_ptr,
|
||||
Size::from_bytes(size),
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
//!
|
||||
//! Generally, we use `Pointer` to denote memory addresses. However, some operations
|
||||
//! have a "size"-like parameter, and they take `Scalar` for the address because
|
||||
//! if the size is 0, then the pointer can also be a (properly aligned, non-NULL)
|
||||
//! if the size is 0, then the pointer can also be a (properly aligned, non-null)
|
||||
//! integer. It is crucial that these operations call `check_align` *before*
|
||||
//! short-circuiting the empty case!
|
||||
|
||||
@ -105,7 +105,7 @@ pub struct Memory<'mir, 'tcx, M: Machine<'mir, 'tcx>> {
|
||||
/// Map for "extra" function pointers.
|
||||
extra_fn_ptr_map: FxHashMap<AllocId, M::ExtraFnVal>,
|
||||
|
||||
/// To be able to compare pointers with NULL, and to check alignment for accesses
|
||||
/// To be able to compare pointers with null, and to check alignment for accesses
|
||||
/// to ZSTs (where pointers may dangle), we keep track of the size even for allocations
|
||||
/// that do not exist any more.
|
||||
// FIXME: this should not be public, but interning currently needs access to it
|
||||
@ -391,7 +391,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> Memory<'mir, 'tcx, M> {
|
||||
Ok(bits) => {
|
||||
let bits = u64::try_from(bits).unwrap(); // it's ptr-sized
|
||||
assert!(size.bytes() == 0);
|
||||
// Must be non-NULL.
|
||||
// Must be non-null.
|
||||
if bits == 0 {
|
||||
throw_ub!(DanglingIntPointer(0, msg))
|
||||
}
|
||||
@ -404,7 +404,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> Memory<'mir, 'tcx, M> {
|
||||
Err(ptr) => {
|
||||
let (allocation_size, alloc_align) =
|
||||
self.get_size_and_align(ptr.alloc_id, AllocCheck::Dereferenceable)?;
|
||||
// Test bounds. This also ensures non-NULL.
|
||||
// Test bounds. This also ensures non-null.
|
||||
// It is sufficient to check this for the end pointer. The addition
|
||||
// checks for overflow.
|
||||
let end_ptr = ptr.offset(size, self)?;
|
||||
@ -436,7 +436,7 @@ impl<'mir, 'tcx, M: Machine<'mir, 'tcx>> Memory<'mir, 'tcx, M> {
|
||||
})
|
||||
}
|
||||
|
||||
/// Test if the pointer might be NULL.
|
||||
/// Test if the pointer might be null.
|
||||
pub fn ptr_may_be_null(&self, ptr: Pointer<M::PointerTag>) -> bool {
|
||||
let (size, _align) = self
|
||||
.get_size_and_align(ptr.alloc_id, AllocCheck::MaybeDead)
|
||||
|
||||
@ -375,7 +375,7 @@ where
|
||||
assert!(place.mplace.align <= align, "dynamic alignment less strict than static one?");
|
||||
// Check (stricter) dynamic alignment, unless forced otherwise.
|
||||
place.mplace.align = force_align.unwrap_or(align);
|
||||
// When dereferencing a pointer, it must be non-NULL, aligned, and live.
|
||||
// When dereferencing a pointer, it must be non-null, aligned, and live.
|
||||
if let Some(ptr) = self.check_mplace_access(&place, Some(size))? {
|
||||
place.mplace.ptr = ptr.into();
|
||||
}
|
||||
|
||||
@ -427,7 +427,7 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, '
|
||||
has.bytes()
|
||||
},
|
||||
err_ub!(DanglingIntPointer(0, _)) =>
|
||||
{ "a NULL {}", kind },
|
||||
{ "a null {}", kind },
|
||||
err_ub!(DanglingIntPointer(i, _)) =>
|
||||
{ "a dangling {} (address 0x{:x} is unallocated)", kind, i },
|
||||
err_ub!(PointerOutOfBounds { .. }) =>
|
||||
@ -662,10 +662,10 @@ impl<'rt, 'mir, 'tcx: 'mir, M: Machine<'mir, 'tcx>> ValidityVisitor<'rt, 'mir, '
|
||||
let bits = match value.to_bits_or_ptr(op.layout.size, self.ecx) {
|
||||
Err(ptr) => {
|
||||
if lo == 1 && hi == max_hi {
|
||||
// Only NULL is the niche. So make sure the ptr is NOT NULL.
|
||||
// Only null is the niche. So make sure the ptr is NOT null.
|
||||
if self.ecx.memory.ptr_may_be_null(ptr) {
|
||||
throw_validation_failure!(self.path,
|
||||
{ "a potentially NULL pointer" }
|
||||
{ "a potentially null pointer" }
|
||||
expected {
|
||||
"something that cannot possibly fail to be {}",
|
||||
wrapping_range_format(valid_range, max_hi)
|
||||
|
||||
@ -84,7 +84,7 @@
|
||||
//! /* Returns ownership to the caller */
|
||||
//! struct Foo* foo_new(void);
|
||||
//!
|
||||
//! /* Takes ownership from the caller; no-op when invoked with NULL */
|
||||
//! /* Takes ownership from the caller; no-op when invoked with null */
|
||||
//! void foo_delete(struct Foo*);
|
||||
//! ```
|
||||
//!
|
||||
|
||||
@ -1773,7 +1773,7 @@ extern "rust-intrinsic" {
|
||||
/// [violate memory safety][read-ownership].
|
||||
///
|
||||
/// Note that even if the effectively copied size (`count * size_of::<T>()`) is
|
||||
/// `0`, the pointers must be non-NULL and properly aligned.
|
||||
/// `0`, the pointers must be non-null and properly aligned.
|
||||
///
|
||||
/// [`read`]: crate::ptr::read
|
||||
/// [read-ownership]: crate::ptr::read#ownership-of-the-returned-value
|
||||
@ -1857,7 +1857,7 @@ extern "rust-intrinsic" {
|
||||
/// [violate memory safety][read-ownership].
|
||||
///
|
||||
/// Note that even if the effectively copied size (`count * size_of::<T>()`) is
|
||||
/// `0`, the pointers must be non-NULL and properly aligned.
|
||||
/// `0`, the pointers must be non-null and properly aligned.
|
||||
///
|
||||
/// [`read`]: crate::ptr::read
|
||||
/// [read-ownership]: crate::ptr::read#ownership-of-the-returned-value
|
||||
@ -1928,7 +1928,7 @@ pub(crate) fn is_aligned_and_not_null<T>(ptr: *const T) -> bool {
|
||||
/// invalid value of `T` is undefined behavior.
|
||||
///
|
||||
/// Note that even if the effectively copied size (`count * size_of::<T>()`) is
|
||||
/// `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: crate::ptr#safety
|
||||
///
|
||||
|
||||
@ -10,7 +10,7 @@ use crate::ptr;
|
||||
///
|
||||
/// The compiler, in general, assumes that a variable is properly initialized
|
||||
/// according to the requirements of the variable's type. For example, a variable of
|
||||
/// reference type must be aligned and non-NULL. This is an invariant that must
|
||||
/// reference type must be aligned and non-null. This is an invariant that must
|
||||
/// *always* be upheld, even in unsafe code. As a consequence, zero-initializing a
|
||||
/// variable of reference type causes instantaneous [undefined behavior][ub],
|
||||
/// no matter whether that reference ever gets used to access memory:
|
||||
|
||||
@ -66,7 +66,7 @@ impl<T: ?Sized> *const T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -130,7 +130,7 @@ impl<T: ?Sized> *const T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -974,7 +974,7 @@ impl<T> *const [T] {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be [valid] for reads for `ptr.len() * mem::size_of::<T>()` many bytes,
|
||||
|
||||
@ -149,7 +149,7 @@ mod mut_ptr;
|
||||
/// again. [`write()`] can be used to overwrite data without causing it to be
|
||||
/// dropped.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -315,7 +315,7 @@ pub const fn slice_from_raw_parts_mut<T>(data: *mut T, len: usize) -> *mut [T] {
|
||||
///
|
||||
/// * Both `x` and `y` must be properly aligned.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointers must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointers must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -394,7 +394,7 @@ pub const unsafe fn swap<T>(x: *mut T, y: *mut T) {
|
||||
/// beginning at `y` with the same size.
|
||||
///
|
||||
/// Note that even if the effectively copied size (`count * size_of::<T>()`) is `0`,
|
||||
/// the pointers must be non-NULL and properly aligned.
|
||||
/// the pointers must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -540,7 +540,7 @@ const unsafe fn swap_nonoverlapping_bytes(x: *mut u8, y: *mut u8, len: usize) {
|
||||
///
|
||||
/// * `dst` must point to a properly initialized value of type `T`.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -588,7 +588,7 @@ pub const unsafe fn replace<T>(dst: *mut T, mut src: T) -> T {
|
||||
///
|
||||
/// * `src` must point to a properly initialized value of type `T`.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
@ -713,7 +713,7 @@ pub const unsafe fn read<T>(src: *const T) -> T {
|
||||
/// whether `T` is [`Copy`]. If `T` is not [`Copy`], using both the returned
|
||||
/// value and the value at `*src` can [violate memory safety][read-ownership].
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null.
|
||||
///
|
||||
/// [read-ownership]: read#ownership-of-the-returned-value
|
||||
/// [valid]: self#safety
|
||||
@ -818,7 +818,7 @@ pub const unsafe fn read_unaligned<T>(src: *const T) -> T {
|
||||
/// * `dst` must be properly aligned. Use [`write_unaligned`] if this is not the
|
||||
/// case.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -910,7 +910,7 @@ pub const unsafe fn write<T>(dst: *mut T, src: T) {
|
||||
///
|
||||
/// * `dst` must be [valid] for writes.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -1024,7 +1024,7 @@ pub const unsafe fn write_unaligned<T>(dst: *mut T, src: T) {
|
||||
/// However, storing non-[`Copy`] types in volatile memory is almost certainly
|
||||
/// incorrect.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
/// [read-ownership]: read#ownership-of-the-returned-value
|
||||
@ -1094,7 +1094,7 @@ pub unsafe fn read_volatile<T>(src: *const T) -> T {
|
||||
///
|
||||
/// * `dst` must be properly aligned.
|
||||
///
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-NULL and properly aligned.
|
||||
/// Note that even if `T` has size `0`, the pointer must be non-null and properly aligned.
|
||||
///
|
||||
/// [valid]: self#safety
|
||||
///
|
||||
@ -1496,7 +1496,7 @@ fnptr_impls_args! { A, B, C, D, E, F, G, H, I, J, K, L }
|
||||
///
|
||||
/// Note, however, that the `expr` in `addr_of!(expr)` is still subject to all
|
||||
/// the usual rules. In particular, `addr_of!(*ptr::null())` is Undefined
|
||||
/// Behavior because it dereferences a NULL pointer.
|
||||
/// Behavior because it dereferences a null pointer.
|
||||
///
|
||||
/// # Example
|
||||
///
|
||||
@ -1536,7 +1536,7 @@ pub macro addr_of($place:expr) {
|
||||
///
|
||||
/// Note, however, that the `expr` in `addr_of_mut!(expr)` is still subject to all
|
||||
/// the usual rules. In particular, `addr_of_mut!(*ptr::null_mut())` is Undefined
|
||||
/// Behavior because it dereferences a NULL pointer.
|
||||
/// Behavior because it dereferences a null pointer.
|
||||
///
|
||||
/// # Examples
|
||||
///
|
||||
|
||||
@ -68,7 +68,7 @@ impl<T: ?Sized> *mut T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -135,7 +135,7 @@ impl<T: ?Sized> *mut T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -314,7 +314,7 @@ impl<T: ?Sized> *mut T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -380,7 +380,7 @@ impl<T: ?Sized> *mut T {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be properly aligned.
|
||||
@ -1237,7 +1237,7 @@ impl<T> *mut [T] {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be [valid] for reads for `ptr.len() * mem::size_of::<T>()` many bytes,
|
||||
@ -1288,7 +1288,7 @@ impl<T> *mut [T] {
|
||||
///
|
||||
/// # Safety
|
||||
///
|
||||
/// When calling this method, you have to ensure that *either* the pointer is NULL *or*
|
||||
/// When calling this method, you have to ensure that *either* the pointer is null *or*
|
||||
/// all of the following is true:
|
||||
///
|
||||
/// * The pointer must be [valid] for reads and writes for `ptr.len() * mem::size_of::<T>()`
|
||||
|
||||
@ -519,7 +519,7 @@ impl<T> NonNull<[T]> {
|
||||
I: SliceIndex<[T]>,
|
||||
{
|
||||
// SAFETY: the caller ensures that `self` is dereferencable and `index` in-bounds.
|
||||
// As a consequence, the resulting pointer cannot be NULL.
|
||||
// As a consequence, the resulting pointer cannot be null.
|
||||
unsafe { NonNull::new_unchecked(self.as_ptr().get_unchecked_mut(index)) }
|
||||
}
|
||||
}
|
||||
|
||||
@ -316,7 +316,7 @@ pub unsafe fn panic(data: Box<dyn Any + Send>) -> u32 {
|
||||
}
|
||||
|
||||
pub unsafe fn cleanup(payload: *mut u8) -> Box<dyn Any + Send> {
|
||||
// A NULL payload here means that we got here from the catch (...) of
|
||||
// A null payload here means that we got here from the catch (...) of
|
||||
// __rust_try. This happens when a non-Rust foreign exception is caught.
|
||||
if payload.is_null() {
|
||||
super::__rust_foreign_exception();
|
||||
|
||||
@ -498,7 +498,7 @@ impl CString {
|
||||
/// Failure to call [`CString::from_raw`] will lead to a memory leak.
|
||||
///
|
||||
/// The C side must **not** modify the length of the string (by writing a
|
||||
/// `NULL` somewhere inside the string or removing the final one) before
|
||||
/// `null` somewhere inside the string or removing the final one) before
|
||||
/// it makes it back into Rust using [`CString::from_raw`]. See the safety section
|
||||
/// in [`CString::from_raw`].
|
||||
///
|
||||
|
||||
@ -49,7 +49,7 @@ pub(super) fn recv_vectored_with_ancillary_from(
|
||||
msg.msg_controllen = ancillary.buffer.len() as libc::socklen_t;
|
||||
}
|
||||
}
|
||||
// macos requires that the control pointer is NULL when the len is 0.
|
||||
// macos requires that the control pointer is null when the len is 0.
|
||||
if msg.msg_controllen > 0 {
|
||||
msg.msg_control = ancillary.buffer.as_mut_ptr().cast();
|
||||
}
|
||||
@ -97,7 +97,7 @@ pub(super) fn send_vectored_with_ancillary_to(
|
||||
msg.msg_controllen = ancillary.length as libc::socklen_t;
|
||||
}
|
||||
}
|
||||
// macos requires that the control pointer is NULL when the len is 0.
|
||||
// macos requires that the control pointer is null when the len is 0.
|
||||
if msg.msg_controllen > 0 {
|
||||
msg.msg_control = ancillary.buffer.as_mut_ptr().cast();
|
||||
}
|
||||
|
||||
@ -116,7 +116,7 @@ cfg_has_statx! {{
|
||||
|
||||
match STATX_STATE.load(Ordering::Relaxed) {
|
||||
0 => {
|
||||
// It is a trick to call `statx` with NULL pointers to check if the syscall
|
||||
// It is a trick to call `statx` with null pointers to check if the syscall
|
||||
// is available. According to the manual, it is expected to fail with EFAULT.
|
||||
// We do this mainly for performance, since it is nearly hundreds times
|
||||
// faster than a normal successful call.
|
||||
@ -450,7 +450,7 @@ impl Iterator for ReadDir {
|
||||
super::os::set_errno(0);
|
||||
let entry_ptr = libc::readdir(self.inner.dirp.0);
|
||||
if entry_ptr.is_null() {
|
||||
// NULL can mean either the end is reached or an error occurred.
|
||||
// null can mean either the end is reached or an error occurred.
|
||||
// So we had to clear errno beforehand to check for an error now.
|
||||
return match super::os::errno() {
|
||||
0 => None,
|
||||
|
||||
@ -153,7 +153,7 @@ impl Command {
|
||||
}
|
||||
|
||||
pub fn arg(&mut self, arg: &OsStr) {
|
||||
// Overwrite the trailing NULL pointer in `argv` and then add a new null
|
||||
// Overwrite the trailing null pointer in `argv` and then add a new null
|
||||
// pointer.
|
||||
let arg = os2c(arg, &mut self.saw_nul);
|
||||
self.argv.0[self.args.len()] = arg.as_ptr();
|
||||
|
||||
@ -722,7 +722,7 @@ pub mod os {
|
||||
unsafe extern "C" fn destroy_value<T: 'static>(ptr: *mut u8) {
|
||||
// SAFETY:
|
||||
//
|
||||
// The OS TLS ensures that this key contains a NULL value when this
|
||||
// The OS TLS ensures that this key contains a null value when this
|
||||
// destructor starts to run. We set it back to a sentinel value of 1 to
|
||||
// ensure that any future calls to `get` for this thread will return
|
||||
// `None`.
|
||||
|
||||
@ -14,7 +14,7 @@ error: any use of this value will cause an error
|
||||
|
|
||||
LL | / const OUT_OF_BOUNDS_PTR: NonNull<u8> = { unsafe {
|
||||
LL | | let ptr: &[u8; 256] = mem::transmute(&0u8); // &0 gets promoted so it does not dangle
|
||||
LL | | // Use address-of-element for pointer arithmetic. This could wrap around to NULL!
|
||||
LL | | // Use address-of-element for pointer arithmetic. This could wrap around to null!
|
||||
LL | | let out_of_bounds_ptr = &ptr[255];
|
||||
| | ^^^^^^^^ memory access failed: pointer must be in-bounds at offset 256, but is outside bounds of alloc10 which has size 1
|
||||
LL | |
|
||||
|
||||
@ -14,7 +14,7 @@ error: any use of this value will cause an error
|
||||
|
|
||||
LL | / const OUT_OF_BOUNDS_PTR: NonNull<u8> = { unsafe {
|
||||
LL | | let ptr: &[u8; 256] = mem::transmute(&0u8); // &0 gets promoted so it does not dangle
|
||||
LL | | // Use address-of-element for pointer arithmetic. This could wrap around to NULL!
|
||||
LL | | // Use address-of-element for pointer arithmetic. This could wrap around to null!
|
||||
LL | | let out_of_bounds_ptr = &ptr[255];
|
||||
| | ^^^^^^^^ memory access failed: pointer must be in-bounds at offset 256, but is outside bounds of alloc10 which has size 1
|
||||
LL | |
|
||||
|
||||
@ -15,7 +15,7 @@ const NULL_PTR: NonNull<u8> = unsafe { mem::transmute(0usize) };
|
||||
#[deny(const_err)] // this triggers a `const_err` so validation does not even happen
|
||||
const OUT_OF_BOUNDS_PTR: NonNull<u8> = { unsafe {
|
||||
let ptr: &[u8; 256] = mem::transmute(&0u8); // &0 gets promoted so it does not dangle
|
||||
// Use address-of-element for pointer arithmetic. This could wrap around to NULL!
|
||||
// Use address-of-element for pointer arithmetic. This could wrap around to null!
|
||||
let out_of_bounds_ptr = &ptr[255]; //~ ERROR any use of this value will cause an error
|
||||
//~| WARN this was previously accepted by the compiler but is being phased out
|
||||
mem::transmute(out_of_bounds_ptr)
|
||||
|
||||
@ -24,7 +24,7 @@ error[E0080]: it is undefined behavior to use this value
|
||||
--> $DIR/ub-ref-ptr.rs:21:1
|
||||
|
|
||||
LL | const NULL: &u16 = unsafe { mem::transmute(0usize) };
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL reference
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a null reference
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 4, align: 4) {
|
||||
@ -35,7 +35,7 @@ error[E0080]: it is undefined behavior to use this value
|
||||
--> $DIR/ub-ref-ptr.rs:24:1
|
||||
|
|
||||
LL | const NULL_BOX: Box<u16> = unsafe { mem::transmute(0usize) };
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL box
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a null box
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 4, align: 4) {
|
||||
|
||||
@ -24,7 +24,7 @@ error[E0080]: it is undefined behavior to use this value
|
||||
--> $DIR/ub-ref-ptr.rs:21:1
|
||||
|
|
||||
LL | const NULL: &u16 = unsafe { mem::transmute(0usize) };
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL reference
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a null reference
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 8, align: 8) {
|
||||
@ -35,7 +35,7 @@ error[E0080]: it is undefined behavior to use this value
|
||||
--> $DIR/ub-ref-ptr.rs:24:1
|
||||
|
|
||||
LL | const NULL_BOX: Box<u16> = unsafe { mem::transmute(0usize) };
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a NULL box
|
||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ type validation failed: encountered a null box
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 8, align: 8) {
|
||||
|
||||
@ -6,7 +6,7 @@ LL | | let bad_ref: &'static u16 = unsafe { mem::transmute(0usize) };
|
||||
LL | | let another_var = 13;
|
||||
LL | | move || { let _ = bad_ref; let _ = another_var; }
|
||||
LL | | };
|
||||
| |__^ type validation failed: encountered a NULL reference at .<deref>.<dyn-downcast>.<captured-var(bad_ref)>
|
||||
| |__^ type validation failed: encountered a null reference at .<deref>.<dyn-downcast>.<captured-var(bad_ref)>
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 8, align: 4) {
|
||||
|
||||
@ -6,7 +6,7 @@ LL | | let bad_ref: &'static u16 = unsafe { mem::transmute(0usize) };
|
||||
LL | | let another_var = 13;
|
||||
LL | | move || { let _ = bad_ref; let _ = another_var; }
|
||||
LL | | };
|
||||
| |__^ type validation failed: encountered a NULL reference at .<deref>.<dyn-downcast>.<captured-var(bad_ref)>
|
||||
| |__^ type validation failed: encountered a null reference at .<deref>.<dyn-downcast>.<captured-var(bad_ref)>
|
||||
|
|
||||
= note: The rules on what exactly is undefined behavior aren't clear, so this check might be overzealous. Please open an issue on the rustc repository if you believe it should not be considered undefined behavior.
|
||||
= note: the raw bytes of the constant (size: 16, align: 8) {
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | *(1 as *mut u32) = 42;
|
||||
| ^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | match *ptr {}
|
||||
| ^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to 2 previous errors
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | *self += 1;
|
||||
| ^^^^^^^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | *(1 as *mut u32) = 42;
|
||||
| ^^^^^^^^^^^^^^^^^^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ error: dereference of raw pointer is unsafe and requires unsafe block (error E01
|
||||
LL | *PTR;
|
||||
| ^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: use of mutable static is unsafe and requires unsafe block (error E0133)
|
||||
--> $DIR/rfc-2585-unsafe_op_in_unsafe_fn.rs:13:5
|
||||
@ -59,7 +59,7 @@ error: dereference of raw pointer is unsafe and requires unsafe block (error E01
|
||||
LL | *PTR;
|
||||
| ^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: use of mutable static is unsafe and requires unsafe block (error E0133)
|
||||
--> $DIR/rfc-2585-unsafe_op_in_unsafe_fn.rs:28:5
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | *p = 0;
|
||||
| ^^^^^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | return *p;
|
||||
| ^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@ error[E0133]: dereference of raw pointer is unsafe and requires unsafe function
|
||||
LL | *a == b
|
||||
| ^^ dereference of raw pointer
|
||||
|
|
||||
= note: raw pointers may be NULL, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
= note: raw pointers may be null, dangling or unaligned; they can violate aliasing rules and cause data races: all of these are undefined behavior
|
||||
|
||||
error: aborting due to previous error
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user